PHP crypt() function in .Net?
I'm rewriting a PHP web site in ASP.NET MVC. I'd like to maintain the same user base but the passwords are hashed using the PHP crypt() function. I need the same function in .Net so that I can hash a password on login and check it against the hashed password in the user database.
crypt in this case is using the CRYPT_MD5 implementation - the hashes all start with $1$
I've tried Phalanger but it doesn't have an MD5 implementation of the crypt function.
Does anyone know of one in .Net? The C# example of crypt() on CodeProject uses DES, not MD5.
I've tried the following code in C#, with different permutations of salt+password, password+salt and salt with and without $1$ prefix and $ suffix. None gives same result as PHP:
static void Main(string[] args)
{
const string salt = "somesalt";
const string password = "fubar";
const string plaintextString = password + salt;
byte[] plaintext = GetBytes(plaintextString);
var md5 = MD5.Create("MD5");
byte[] hash = md5.ComputeHash(plaintext);
string s = System.Convert.ToBase64String(hash);
Console.WriteLine("Hash of " + password + " is " + s);
Console.ReadKey();
}
private static byte[] GetBytes(string s)
{
var result = new byte[s.Length];
for (int i = 0; i < s.Length; i++)
result[i] = (byte)s[i];
return result;
}
There are a few .NET methods for md5 hashing, System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(password, format)
is the easiest to use, even though it's a mouthful. Just pass "md5" through as the format.
Depending on how PHP is doing this, it may be as simple as chopping the $1$
off the beginning of the hash when you import it. It may be more complex. If you can post an example password/hash, I'll see if I can come up with some C# that generates the same hash from that password for you.
Have you taken a look at the .NET MD5 class? $1$ is part of a 12 character salt.
These look promising, at least.
unix md5crypt for CRYPT_MD5
with $1$
salts.
(AC# implementation of Unix crypt() for DES)
链接地址: http://www.djcxy.com/p/42134.html上一篇: 在IIS中安全吗?
下一篇: .net中的crypt()函数?