当前位置: 文江博客话题详情

经典asp和ASP.NET之间的密码加密/解密

发布于 2024-08-10 22:51:46 字数 1306 浏览 7 评论 0原文

我有 2 个网站:一个用经典 ASP 编写,另一个用 ASP.NET(1.1 框架)编写。这两个应用程序都使用登录机制来验证基于共享数据库表的用户凭据。到目前为止,密码存储在单向 MD5 哈希中,这意味着如果人们丢失旧密码,则必须为其提供新生成的密码。我现在想更改此设置并使密码可解密。

我发现这个 Rijndael 代码可以与经典 asp 一起使用: http://www.frez.co.uk/freecode.htm#rijndael

但我找不到 ASP.NET 的相同解决方案。我尝试了这个,但它给了我经典 asp 和 ASP.NET 代码之间不同的加密和解密结果:

        If Not String.IsNullOrEmpty(TextBox1.Text) And Not String.IsNullOrEmpty(TextBox2.Text) Then

        Dim password = TextBox1.Text
        Dim key = TextBox2.Text

        Dim keyGenerator = New Rfc2898DeriveBytes(key, 8)
        Dim r = New RijndaelManaged

        r.Mode = CipherMode.CBC
        r.Padding = PaddingMode.Zeros
        r.BlockSize = 256
        r.KeySize = 256
        r.FeedbackSize = 256

        r.IV = keyGenerator.GetBytes(CType(r.BlockSize / 8, Integer))
        r.Key = keyGenerator.GetBytes(CType(r.KeySize / 8, Integer))

        Dim transform As ICryptoTransform = r.CreateEncryptor()

        Dim encoded As Byte() = Encoding.ASCII.GetBytes(password)
        Dim target As Byte() = transform.TransformFinalBlock(encoded, 0, encoded.Length)

        TextBox3.Text = Encoding.ASCII.GetString(target)

    End If

我认为我在生成密钥或 iv 时做错了什么,但我找不到解决方案。

原文

I have 2 websites: one written in classic asp and another written in ASP.NET (1.1 framework). Both applications use a login mechanism to validate user credentials based on a shared database table. Up to now passwords are stored in a 1-way MD5 hash, meaning people must be given a new generated password if they lose the old one. I now want to change this and make the passwords decryptable.

I found this Rijndael code to use with classic asp:
http://www.frez.co.uk/freecode.htm#rijndael

But I cannot find the same solution for ASP.NET. I tried this, but it gives me different encryption and decryption results between the classic asp and ASP.NET code:

        If Not String.IsNullOrEmpty(TextBox1.Text) And Not String.IsNullOrEmpty(TextBox2.Text) Then

        Dim password = TextBox1.Text
        Dim key = TextBox2.Text

        Dim keyGenerator = New Rfc2898DeriveBytes(key, 8)
        Dim r = New RijndaelManaged

        r.Mode = CipherMode.CBC
        r.Padding = PaddingMode.Zeros
        r.BlockSize = 256
        r.KeySize = 256
        r.FeedbackSize = 256

        r.IV = keyGenerator.GetBytes(CType(r.BlockSize / 8, Integer))
        r.Key = keyGenerator.GetBytes(CType(r.KeySize / 8, Integer))

        Dim transform As ICryptoTransform = r.CreateEncryptor()

        Dim encoded As Byte() = Encoding.ASCII.GetBytes(password)
        Dim target As Byte() = transform.TransformFinalBlock(encoded, 0, encoded.Length)

        TextBox3.Text = Encoding.ASCII.GetString(target)

    End If

I think I'm doing something wrong with generating the key or iv, but I can't find a solution.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

阳光的暖冬 2024-08-17 22:51:46

Phil Fresle 提供了此代码的 C# 版本,可在此处下载: http://www.frez.co.uk /csharp.aspx。该实现仍然与经典版本不同,因为它采用初始化向量以及块和密钥大小的参数。

您可以使用此实现来匹配经典版本,如下所示:

// Convert the input values to byte[]'s representing ASCII encoding.
// This is what the classic version does
byte[] dataToEncrypt = ASCIIEncoding.ASCII.GetBytes("Ryno");
byte[] password = ASCIIEncoding.ASCII.GetBytes("Saurus");

// Encrypt the data into an array of types
// Notice the block size is 256 bits and the initialization vector is empty.
byte[] results = Rijndael.EncryptData(
    dataToEncrypt,
    password,
    new byte[] { },  // Initialization vector
    Rijndael.BlockSize.Block256,  // Typically 128 in most implementations
    Rijndael.KeySize.Key256,
    Rijndael.EncryptionMode.ModeEBC 
);

// Convert bytes into a HEX string representation
StringBuilder hex = new StringBuilder(results.Length * 2);
foreach (byte b in results)
    hex.AppendFormat("{0:x2}", b);

// FINAL OUTPUT: This matches output of classic ASP Rijndael encryption
string hexEncodedString= hex.ToString();

大多数默认实现将使用 128192256 位的密钥大小。 128 位的块大小是标准的。尽管某些实现允许 128 位以外的块大小,但更改块大小只会将另一项添加到混合中,从而在尝试在一种实现中加密数据以在另一种实现中正确解密时造成混乱。

希望这有帮助。

更新

Phil 的链接不再可用,所以我创建了 2 个要点:

Phil Fresle provides a C# version of this code downloadable here: http://www.frez.co.uk/csharp.aspx. The implementation is still different than the classic version as it takes arguments for an initialization vector as well as the block and key size.

You can use this implementation to match the classic version like so:

// Convert the input values to byte[]'s representing ASCII encoding.
// This is what the classic version does
byte[] dataToEncrypt = ASCIIEncoding.ASCII.GetBytes("Ryno");
byte[] password = ASCIIEncoding.ASCII.GetBytes("Saurus");

// Encrypt the data into an array of types
// Notice the block size is 256 bits and the initialization vector is empty.
byte[] results = Rijndael.EncryptData(
    dataToEncrypt,
    password,
    new byte[] { },  // Initialization vector
    Rijndael.BlockSize.Block256,  // Typically 128 in most implementations
    Rijndael.KeySize.Key256,
    Rijndael.EncryptionMode.ModeEBC 
);

// Convert bytes into a HEX string representation
StringBuilder hex = new StringBuilder(results.Length * 2);
foreach (byte b in results)
    hex.AppendFormat("{0:x2}", b);

// FINAL OUTPUT: This matches output of classic ASP Rijndael encryption
string hexEncodedString= hex.ToString();

Most default implementations will use a key size of 128, 192, or 256 bits. A block size at 128 bits is standard. Although some implementations allow block sizes other than 128 bits, changing the block size will just add another item into the mix to cause confusion when trying to get data encrypted in one implementation to properly decrypt in another.

Hopefully this helps.

Update

Phil's link is no longer available, so I've created a 2 Gists:

回复 原文
梦境 2024-08-17 22:51:46

我快速浏览了经典的 asp 文件,它没有提到使用的块模式,而您的 .net 代码指定了 CBC 模式以及填充。此外,经典的实现指出:

' 2001 年 4 月 3 日:添加到
底部用于加密/解密大
' 数据数组。整个长度为
该数组作为第一个插入
四个'字节​​到前面
结果字节的第一个块
' 加密前的数组。

您是否使用这些函数,如果您也在加密大小字节。

请放心,.net 加密工作良好,我猜您的问题出在您找到的经典解决方案中。如果我处在你的位置,我会从简化事情开始,只用每种方法加密一个块,然后从那里扩展......祝你好运

I had a quick look at the classic asp files and it doesn't mention the block mode used, whereas your .net code specifies CBC mode and also the padding. Further the classic implementation states:

' 3-Apr-2001: Functions added to the
bottom for encrypting/decrypting large
' arrays of data. The entire length of
the array is inserted as the first
four ' bytes onto the front of the
first block of the resultant byte
array before ' encryption.

Are you using those functions, if you are then your encrypting the size bytes too.

Be assured the .net encryption works well, I'd guess your problem is in the classic solution you've found. If I were in your position I'd start by simplifying things and just encrypt a single block with each method and then expand from there... good luck

回复 原文
我为君王 2024-08-17 22:51:46

由于 ASP classic 没有本机哈希函数,因此您可能需要将 MD5 VBScript 代码移植到 .NET 语言,或者使用常见的加密组件,因为遗留代码中存在一些错误。

Since ASP classic doesn't have native hash functions, you'll probably need to port your MD5 VBScript code to your .NET language, or to use a common cryptography component, due some error on your legacy code.

回复 原文
~没有更多了~

关于作者

夜还是长夜

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文