我正在尝试使用NodeJS加密库和C# Rfc2898DeriveBytes生成相同的密码哈希值。使用来自C#的盐时,NodeJS实现未生成相同的密钥。我做错了什么吗? 在C#中:
public static string HashPassword(string password)
{
// random khóa
using (var rngCryp = new RNGCryptoServiceProvider())
{
var salt = new byte[SaltBytes];
rngCryp.GetBytes(salt);
// Hash the password and encode the parameters
byte[] hash = Rfc2898Deriver(password, salt, Pbkdf2Iterations, HashBytes);
return Pbkdf2Iterations + ":" + Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash);
}
}
private static byte[] Rfc2898Deriver(string password, byte[] salt, int iterations, int outputMaxByte)
{
using (var deriveBytes = new Rfc2898DeriveBytes(password, salt))
{
deriveBytes.IterationCount = iterations;
return deriveBytes.GetBytes(outputMaxByte);
}
}
在Node.js中:
export const hash = (text, salt) => new Promise((resolve, reject) => {
crypto.pbkdf2(text, salt, iterations, bytes, 'sha256', function (err, derivedKey) {
if (err) { reject(err) }
else {
//return Pbkdf2Iterations + ":" + Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash);
var hash = new Buffer(derivedKey).toString('base64');
var pass = `${iterations}:${salt}:${hash}`
resolve(pass);
}});})
并且像这样使用:
var a = Buffer.from("qcMqVYE0EzAU9Uz+mQxBaKFICG1vR1iq", 'base64')
var a0 = new Buffer("qcMqVYE0EzAU9Uz+mQxBaKFICG1vR1iq")
var pas1 = new Buffer('AL7h8Jx4r8a8PjS5', 'base64')
hash(pas1,a0).then(pass => {
console.log("pass: ", pass)
const hashes = crypto.getHashes();
console.log(hashes); // ['DSA', 'DSA-SHA', 'DSA-SHA1', ...]
res.send(pass + "\n1000:qcMqVYE0EzAU9Uz+mQxBaKFICG1vR1iq:RkdpgAcpijFqYgVxBCvJugMXqnt4j5f3")
})
你会发现,C#和Nodejs中的hass pass是不同的。
Node ->
1000:qcMqVYE0EzAU9Uz+mQxBaKFICG1vR1iq:D19SUxg6AQxgSLe7YXISPWPvgIoR6BEw
C# ->
1000:qcMqVYE0EzAU9Uz+mQxBaKFICG1vR1iq:RkdpgAcpijFqYgVxBCvJugMXqnt4j5f3