bcrypt的.Net实现，它实现了HashAlgorithm？

发布于 2024-11-01 06:10:29 字数 157 浏览 11 评论 0原文

我希望在我的身份验证库中允许 bcrypt 支持。现在的问题之一是我假设哈希器的类型为HashAlgorithm。 Bcrypt.net 没有实现此类。另外，它是密封的，所以我必须用它创建我自己的分支并自己修改它。有没有更好的替代方案已经实现了 HashAlgorithm？

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

時窥 2024-11-08 06:10:29

试试这个：

public class BCryptHasher : HashAlgorithm
{
    private MemoryStream passwordStream = null;

    protected override void HashCore(byte[] array, int ibStart, int cbSize)
    {
        if (passwordStream == null || Salt == null)
            Initialize();

        passwordStream.Write(array, ibStart, cbSize);
    }

    protected override byte[] HashFinal()
    {
        passwordStream.Flush();

        // Get the hash
        return Encoding.UTF8.GetBytes(BCrypt.Net.BCrypt.HashPassword(Encoding.UTF8.GetString(passwordStream.ToArray()), Salt));            
    }

    public override void Initialize()
    {
        passwordStream = new MemoryStream();

        // Set up salt
        if (Salt == null)
        {
            if (WorkFactor == 0)
                Salt = BCrypt.Net.BCrypt.GenerateSalt();
            else
                Salt = BCrypt.Net.BCrypt.GenerateSalt(WorkFactor);
        }
    }

    public int WorkFactor { get; set; }

    public string Salt { get; set; }

    public bool Verify(string plain, string hash)
    {
        return BCrypt.Net.BCrypt.Verify(plain, hash);
    }
}

用法：

BCryptHasher hasher = new BCryptHasher();
string pw = "abc";
string hash = Encoding.UTF8.GetString(hasher.ComputeHash(Encoding.UTF8.GetBytes(pw)));

另外，我添加了一个辅助验证方法，以便您可以验证密码和哈希是否匹配，但如果您只调用默认的 BCrypt.Verify，则可以消除这种情况。

bool matches = hasher.Verify(pw, hash);

我添加了一些额外的属性，以便您可以在执行哈希之前传递预先计算的盐或工作因子来生成新的盐：

string pw = "abc";
hasher.Salt = "$2a$06$If6bvum7DFjUnE9p2uDeDu";
string hash = Encoding.UTF8.GetString(hasher.ComputeHash(Encoding.UTF8.GetBytes(pw)));

我使用 BCrypt 测试用例“abc”进行了尝试，盐为“$2a$06$” If6bvum7DFjUnE9p2uDeDu”并得到了正确的哈希值。

Try this:

public class BCryptHasher : HashAlgorithm
{
    private MemoryStream passwordStream = null;

    protected override void HashCore(byte[] array, int ibStart, int cbSize)
    {
        if (passwordStream == null || Salt == null)
            Initialize();

        passwordStream.Write(array, ibStart, cbSize);
    }

    protected override byte[] HashFinal()
    {
        passwordStream.Flush();

        // Get the hash
        return Encoding.UTF8.GetBytes(BCrypt.Net.BCrypt.HashPassword(Encoding.UTF8.GetString(passwordStream.ToArray()), Salt));            
    }

    public override void Initialize()
    {
        passwordStream = new MemoryStream();

        // Set up salt
        if (Salt == null)
        {
            if (WorkFactor == 0)
                Salt = BCrypt.Net.BCrypt.GenerateSalt();
            else
                Salt = BCrypt.Net.BCrypt.GenerateSalt(WorkFactor);
        }
    }

    public int WorkFactor { get; set; }

    public string Salt { get; set; }

    public bool Verify(string plain, string hash)
    {
        return BCrypt.Net.BCrypt.Verify(plain, hash);
    }
}

Usage:

BCryptHasher hasher = new BCryptHasher();
string pw = "abc";
string hash = Encoding.UTF8.GetString(hasher.ComputeHash(Encoding.UTF8.GetBytes(pw)));

Also, I added a helper Verify method so you can verify that the password and hash match, but you can eliminate this if you just call the default BCrypt.Verify.

bool matches = hasher.Verify(pw, hash);

I added some extra properties so you can pass in a pre-computed salt or a work factor to generate a new salt before you do the hash:

string pw = "abc";
hasher.Salt = "$2a$06$If6bvum7DFjUnE9p2uDeDu";
string hash = Encoding.UTF8.GetString(hasher.ComputeHash(Encoding.UTF8.GetBytes(pw)));

I tried it with the BCrypt test case "abc" with a salt of "$2a$06$If6bvum7DFjUnE9p2uDeDu" and got the correct hash.

回复收藏 0 原文

~没有更多了~