问题描述

我有一个庞大的用户数据库(约 200,000 个)，我正在将其从 ASP.NET 应用程序转移到 Ruby on Rails 应用程序.我真的不想要求每个用户重置他们的密码，所以我正在尝试在 Ruby 中重新实现 C# 密码哈希函数.

I have a large database of users (~200,000) that I'm transferring from a ASP.NET application to a Ruby on Rails application. I don't really want to ask every user to reset their password and so I'm trying to re-implement the C# password hashing function in Ruby.

旧函数是这样的:

public string EncodePassword(string pass, string saltBase64)
 {
     byte[] bytes = Encoding.Unicode.GetBytes(pass);
     byte[] src = Convert.FromBase64String(saltBase64);
     byte[] dst = new byte[src.Length + bytes.Length];
     Buffer.BlockCopy(src, 0, dst, 0, src.Length);
     Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
     HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
     byte[] inArray = algorithm.ComputeHash(dst);
     return Convert.ToBase64String(inArray);
 }

哈希密码和盐的示例是(并且使用的密码是密码"):

An example hashed password and salt is (and the password used was "password"):

哈希密码:weEWx4rhyPtd3kec7usysxf7kpk="盐:1ptFxHq7ALe7yXIQDdzQ9Q=="密码:密码"

Hashed password: "weEWx4rhyPtd3kec7usysxf7kpk=" Salt: "1ptFxHq7ALe7yXIQDdzQ9Q==" Password: "password"

现在使用以下 Ruby 代码:

Now with the following Ruby code:

require "base64"
require "digest/sha1"


password = "password"
salt = "1ptFxHq7ALe7yXIQDdzQ9Q=="

concat = salt+password

sha1 = Digest::SHA1.digest(concat)

encoded = Base64.encode64(sha1)

puts encoded

我没有得到正确的密码哈希(我得到的是+BsdIOBN/Vh2U7qWG4e+O13h3iQ="而不是weEWx4rhyPtd3kec7usysxf7kpk=").谁能看出问题出在哪里?

I'm not getting the correct password hash (I'm getting "+BsdIOBN/Vh2U7qWG4e+O13h3iQ=" instead of "weEWx4rhyPtd3kec7usysxf7kpk="). Can anyone see what the problem might be?

非常感谢

阿方

推荐答案

刚刚更新一下，我的一个同事已经解决了这个问题:

Just a quick update, a colleague of mine has solved this:

require "base64"
require "digest"
require "jcode"


def encode_password(password, salt)
 bytes = ""
 password.each_char { |c| bytes += c + "x00" }
 salty = Base64.decode64(salt)
 concat = salty+bytes
 sha1 = Digest::SHA1.digest(concat)
 encoded = Base64.encode64(sha1).strip()
 puts encoded
end

这篇关于在 Ruby 中重新实现 ASP.NET 成员资格和用户密码哈希的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！