NodeJS：如何生成类似于C#的Rfc2898DeriveBytes？

Question

NodeJS：如何生成类似于C#的Rfc2898DeriveBytes？

3

我正在尝试使用NodeJS加密库和C# Rfc2898DeriveBytes生成相同的密码哈希值。使用来自C＃的盐时，NodeJS实现未生成相同的密钥。我做错了什么吗？在C#中：

public static string HashPassword(string password)
    {
        // random khóa 
        using (var rngCryp = new RNGCryptoServiceProvider())
        {
            var salt = new byte[SaltBytes];
            rngCryp.GetBytes(salt);

            // Hash the password and encode the parameters
            byte[] hash = Rfc2898Deriver(password, salt, Pbkdf2Iterations, HashBytes);

            return Pbkdf2Iterations + ":" + Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash);
        }
    }
private static byte[] Rfc2898Deriver(string password, byte[] salt, int iterations, int outputMaxByte)
    {
        using (var deriveBytes = new Rfc2898DeriveBytes(password, salt))
        {
            deriveBytes.IterationCount = iterations;
            return deriveBytes.GetBytes(outputMaxByte);
        }
    }

在Node.js中：

export const hash = (text, salt) => new Promise((resolve, reject) => {
  crypto.pbkdf2(text, salt, iterations, bytes, 'sha256', function (err, derivedKey) {
if (err) { reject(err) }
else {
  //return Pbkdf2Iterations + ":" + Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash);
  var hash = new Buffer(derivedKey).toString('base64');
  var pass = `${iterations}:${salt}:${hash}`
  resolve(pass);
}});})

并且像这样使用：

var a = Buffer.from("qcMqVYE0EzAU9Uz+mQxBaKFICG1vR1iq", 'base64')
var a0 = new Buffer("qcMqVYE0EzAU9Uz+mQxBaKFICG1vR1iq")
var pas1 = new Buffer('AL7h8Jx4r8a8PjS5', 'base64')
hash(pas1,a0).then(pass => {
    console.log("pass: ", pass)
    const hashes = crypto.getHashes();
    console.log(hashes); // ['DSA', 'DSA-SHA', 'DSA-SHA1', ...]
    res.send(pass + "\n1000:qcMqVYE0EzAU9Uz+mQxBaKFICG1vR1iq:RkdpgAcpijFqYgVxBCvJugMXqnt4j5f3")
})

你会发现，C#和Nodejs中的hass pass是不同的。

Node ->

1000:qcMqVYE0EzAU9Uz+mQxBaKFICG1vR1iq:D19SUxg6AQxgSLe7YXISPWPvgIoR6BEw

C# ->

1000:qcMqVYE0EzAU9Uz+mQxBaKFICG1vR1iq:RkdpgAcpijFqYgVxBCvJugMXqnt4j5f3

- Nguyen Van Phong

2个回答

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Jay seen · Answer 1

这里我输入了固定的salt，你也可以生成随机长度为16的字符串。你也可以更改长度，而不是我的“32”。

var crypto = require('crypto');
salt = '1234123412341234';
saltString = new Buffer(salt).toString('hex');
var password = 'welcome';
var nodeCrypto = crypto.pbkdf2Sync(new Buffer(password), new Buffer(saltString, 'hex'), 1000, 32, 'sha1');
var hashInHex="00"+saltString+nodeCrypto.toString('hex').toUpperCase();
var FinalHash = Buffer.from(hashInHex, 'hex').toString('base64')
console.log("saltInHex: "+saltString);
console.log("FinalHashInBase64: "+FinalHash);

使用以下代码来匹配存储的哈希密码和用户输入密码：

// NodeJS implementation of crypto, I'm sure google's 
// cryptoJS would work equally well.
var crypto = require('crypto');

// The value stored in [dbo].[AspNetUsers].[PasswordHash]
var hashedPwd = "AGYzaTk3eldHaXkxbDlkQmn+mVJZEjd+0oOcLTNvSQ+lvUQIF1u1CNMs+WjXEzOYNg==";
var hashedPasswordBytes = new Buffer(hashedPwd, 'base64');

var hexChar = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "D", "E", "F"];

var saltString = "";
var storedSubKeyString = "";

// build strings of octets for the salt and the stored key
for (var i = 1; i < hashedPasswordBytes.length; i++) {
    if (i > 0 && i <= 16) {
        saltString += hexChar[(hashedPasswordBytes[i] >> 4) & 0x0f] + hexChar[hashedPasswordBytes[i] & 0x0f]
    }
    if (i > 0 && i > 16) {
        storedSubKeyString += hexChar[(hashedPasswordBytes[i] >> 4) & 0x0f] + hexChar[hashedPasswordBytes[i] & 0x0f];
    }
}

// password provided by the user
var password = 'vish@123';

// TODO remove debug - logging passwords in prod is considered 
// tasteless for some odd reason
console.log('cleartext: ' + password);
console.log('saltString: ' + saltString);
console.log('storedSubKeyString: ' + storedSubKeyString);

// This is where the magic happens. 
// If you are doing your own hashing, you can (and maybe should)
// perform more iterations of applying the salt and perhaps
// use a stronger hash than sha1, but if you want it to work
// with the [as of 2015] Microsoft Identity framework, keep
// these settings.
var nodeCrypto = crypto.pbkdf2Sync(new Buffer(password), new Buffer(saltString, 'hex'), 1000, 256, 'sha1');

// get a hex string of the derived bytes
var derivedKeyOctets = nodeCrypto.toString('hex').toUpperCase();

console.log("hex of derived key octets: " + derivedKeyOctets);

// The first 64 bytes of the derived key should
// match the stored sub key
if (derivedKeyOctets.indexOf(storedSubKeyString) === 0) {
    console.info("passwords match!");
} else {
    console.warn("passwords DO NOT match!");
}

- Sergey · Answer 2

我有一个非常类似的问题，实际上你的发现帮了我很多。看起来你唯一遇到的问题就是将错误的哈希算法传递给了pbkdf2函数。

看起来Rfc2898DeriveBytes默认使用SHA1。所以在node中你应该使用类似这样的东西：

crypto.pbkdf2(text, salt, iterations, bytes, 'sha1', (err, key) => {
    console.log(key.toString('hex'));
});