问题描述

首先我读这的Hashing一个使用SHA256密码和.NET / Node.js的，并没有帮助我。

First of all I read this Hashing a password using SHA256 and .NET/Node.js and it didn't help me.

我要核实ASP.NET中的node.js环境创建的密码的哈希值。有人告诉我，使用这种算法生成的密码：<一href="http://stackoverflow.com/questions/1137368/what-is-default-hash-algorithm-that-asp-net-membership-uses?answertab=active#tab-top">What是ASP.NET成员资格使用？。

I have to verify passwords hashes created in ASP.NET in node.js environment. I was told that passwords are generated using this algorithm: What is default hash algorithm that ASP.NET membership uses?.

我有例如密码哈希和盐（第一行是密码，第二行是盐）：

I have example password hash and salt (first line is password and second line is salt):

"Password": "jj/rf7OxXM263rPgvLan4M6Is7o=",
"PasswordSalt": "/Eju9rmaJp03e3+z1v5s+A==",

我知道散列算法 SHA1 ，我知道上面的散列输入生成 test123 。不过，我无法重现散列算法来获得相同的哈希此输入。我尝试过：

I know that hash algorithm is SHA1 and I know that above hash is generated for input test123. However I can't reproduce hashing algorithm to get same hash for this input. What I tried:

Password = "jj/rf7OxXM263rPgvLan4M6Is7o="
PasswordSalt = "/Eju9rmaJp03e3+z1v5s+A=="
crypto = require("crypto")
sha1 = crypto.createHash("sha1")
PasswordSalt = new Buffer(PasswordSalt, 'base64').toString('utf8')
sha1.update(PasswordSalt+"test123", "utf8")
result = sha1.digest("base64")
console.log(Password)
console.log(result)

结果是：

jj/rf7OxXM263rPgvLan4M6Is7o=
xIjxRod4+HVYzlHZ9xomGGGY6d8=

我能得到工作的C＃算法：

I was able to get working C# algorithm:

using System.IO;
using System;
using System.Text;
using System.Security.Cryptography;

class Program
{

    static string EncodePassword(string pass, string salt)
    {
        byte[] bytes = Encoding.Unicode.GetBytes(pass);
        byte[] src = Convert.FromBase64String(salt);
        byte[] dst = new byte[src.Length + bytes.Length];
        Buffer.BlockCopy(src, 0, dst, 0, src.Length);
        Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
        HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
        byte[] inArray = algorithm.ComputeHash(dst);
        return Convert.ToBase64String(inArray);
    }

    static void Main()
    {
        string pass = "test123";
        string salt = "/Eju9rmaJp03e3+z1v5s+A==";
        string hash = Program.EncodePassword(pass,salt);
        Console.WriteLine(hash);
        // outputs jj/rf7OxXM263rPgvLan4M6Is7o=
    }
}

因此​​，现在是移植这种算法node.js中只是一个问题问题是，C＃神奇地运行在字节，我不知道如何做到这一点的节点。请考虑以下code（它不使用任何盐 - 它只是从密码生成的base64 SHA1：

So now it is just a matter of porting this algorithm to node.js. The problem is that c# somehow magically operates on bytes and I don't know how to do it in node. Consider following code (it does not use any salt - it just creates base64 sha1 from password:

crypto = require("crypto")
pass = 'test123'
sha1 = crypto.createHash("sha1")
buf = new Buffer( pass, 'utf8')
sha1.update(buf)
result = sha1.digest("base64")
console.log(result)
// outputs cojt0Pw//L6ToM8G41aOKFIWh7w=

和在C＃

 using System.Text;
 using System.Security.Cryptography;
 string pass = "test123";
 byte[] bytes = Encoding.Unicode.GetBytes(pass);
 HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
 byte[] inArray = algorithm.ComputeHash(bytes);
 string hash = Convert.ToBase64String(inArray);
 Console.WriteLine(hash);
 // outputs Oc/baVMs/zM28IqDqsQlJPQc1uk=

我需要code在node.js中，将在C＃中返回相同的值code。任何想法？

I need code in node.js that will return same value as code in c#. Any ideas?

推荐答案

我终于在这里找到了正确的答案： https：//开头要点.github.com / PalmerEk / 1191651 （与UCS2到utf16le应按变化不大）：

I finally found the right answer here: https://gist.github.com/PalmerEk/1191651 (with little change from 'ucs2' to 'utf16le'):

function dotnet_membership_password_hash(pass, salt)
{
  var bytes = new Buffer(pass || '', 'utf16le');
  var src = new Buffer(salt || '', 'base64');
  var dst = new Buffer(src.length + bytes.length);
  src.copy(dst, 0, 0, src.length);
  bytes.copy(dst, src.length, 0, bytes.length);

  return crypto.createHash('sha1').update(dst).digest('base64');
}

这篇关于如何检查ASP.NET密码哈希中的node.js的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！