为什么 ComputeHash 的行为不具有确定性?
我遇到了一个有趣的问题..似乎“HMACSHA256”哈希的ComputeHash()行为并不具有确定性..如果我使用HashAlgorithm.Create(“HMACSHA256”)创建HashAlgorithm的两个实例..并运行ComputeHash,我得到两个不同的结果..下面是展示此行为的示例静态类。
internal static string HashPassword(byte[] bAll)
{
using (HashAlgorithm s = HashAlgorithm.Create("HMACSHA256"))
{
return Convert.ToBase64String(s.ComputeHash(bAll));
}
}
我还尝试使调用成为非静态的(实际上它开始时是非静态的,并且我对我的输入数组进行了两次、三次和四次检查。每次调用都完全相同。我什至在立即完成了一些事情像这样的窗口:
Convert.ToBase64String(HashAlgorithm.Create("HMACSHA256").ComputeHash(bAll)
通过方法中的断点在立即窗口中运行两次会返回两个不同的哈希值。
我知道哈希值应该是确定性的。那么在调试器或任何其他程序中运行会发生什么情况?想法?真的,现在这只是两个奇怪的词:-P..
谢谢 乔什
I've run into an interesting issue.. It seems that ComputeHash() for a "HMACSHA256" hash is not behaving deterministically.. if I create two instances of HashAlgorithm using HashAlgorithm.Create("HMACSHA256").. And run ComputeHash, I get two different results.. below is an example static class that exhibiting this behavior.
internal static string HashPassword(byte[] bAll)
{
using (HashAlgorithm s = HashAlgorithm.Create("HMACSHA256"))
{
return Convert.ToBase64String(s.ComputeHash(bAll));
}
}
I've also tried to make the call non static (actually it started non static, and I have double and triple and quadrudruple checked my input array.. its absolutely the same on each call.. I've even done stuff in the immidiate window like :
Convert.ToBase64String(HashAlgorithm.Create("HMACSHA256").ComputeHash(bAll)
And running that twice in the immidiates window via a breakpoint in the method returns two different hashes..
I know Hash is suppose to be deterministic.. So what gives? is something going on with running in a debugger? Or any other ideas? really this is just two weird for words right now :-P..
Thanks
Josh
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
HMAC 是一个带密钥的哈希值。我在您的示例代码中没有看到关键。
HashAlgorithm.Create("HMACSHA256")创建一个 HashAlgorithm 实例,因此它不知道有关密钥的任何信息。它可能只是调用此 HMACSHA256 构造函数:您需要此构造函数:
如果您不想硬编码 HMAC 算法,可以使用 KeyedHashAlgorithm通过设置 KeyedHashAlgorithm.Key 属性。
如果您不想使用密钥,请使用 SHA256 等非密钥哈希。
HMAC is a keyed hash. I don't see the key in your example code.
HashAlgorithm.Create("HMACSHA256")creates a HashAlgorithm instance, so it doesn't know anything about a key. It probably just calls this HMACSHA256 Constructor:You want this constructor:
If you don't want to to hard-code the HMAC algorithm, you can use KeyedHashAlgorithm.Create and supply a specific key by setting the KeyedHashAlgorithm.Key property.
If you don't want to use a key, then use a non-keyed hash like SHA256.
只是添加这一点,希望能减轻我所经历的头痛。
对于.Net Membership Provider,请确保您的 web.config 或 app.config 中有该设置。否则它会自动生成自己的密钥……在身份验证上大费周章,然后最后会嘲笑你。
Just adding to this in hopes to save someone the headache I went through.
In the case of .Net Membership Provider, make sure you have the setting in your web.config or app.config. Else it will automatically generate its own key... crap out on authentication, and then belligerently laugh at you in the end.
您需要 HMACSHA256 的密钥。如果不将密钥传递给构造函数,则密钥将是随机的。
You need a Key for HMACSHA256. The key will be random if it is not passed into the constructor.