使用 Base64 进行输入和输出的 SHA256 实现
我被要求为 iPad 开发公司的后台,在开发登录屏幕时,我遇到了身份验证过程的问题。
密码与盐连接,使用 SHA-256 进行哈希处理并存储在数据库中。 后台基于 Flash,并使用 as3crypto 库进行哈希处理,然后使用密码+盐,我的问题是当前的实现使用 Base64 进行输入和输出。
此站点演示了如何做到这一点:只需选择哈希并选择 Base64 作为输入和输出格式,然后开火。到目前为止,我所有的尝试都产生了与该网站(和后台代码)给我的结果不同的结果。
虽然我认为理论上它应该相对简单:
- Base64 编码 pass+salt
- 使用 SHA-256 对其进行哈希处理
- Base64 再次编码结果
到目前为止我还无法做到这一点,而且我很头疼诚实的。 我的代码正在变成一个活生生的迷宫,我想我明天必须重做。
有什么想法吗? 提前干杯并感谢
PS:顺便说一句,这是 Backoffice 的 Flash 代码,用于生成散列密码:
var currentResult:ByteArray;
var hash:IHash = Crypto.getHash('sha256');
var data:ByteArray = Base64.decodeToByteArray(str + vatel);
currentResult = hash.hash(data);
return Base64.encodeByteArray(currentResult).toString();
I've been asked to develop the company's backoffice for the iPad and, while developing the login screen, I've ran into an issue with the authentication process.
The passwords are concatenated with a salt, hashed using SHA-256 and stored in the database.
The backoffice is Flash-based and uses the as3crypto library to hash then password+salt and my problem is that the current implementation uses Base64 for both input and output.
This site demonstrates how this can be done: just select Hash and select Base64 for both input and output format and fire away. So far, all my attempts have yielded different results from the ones this site (and the backoffice code) give me.
While I think that in theory it should be relatively simply:
- Base64 encode the pass+salt
- Hash it using SHA-256
- Base64 encode the result again
so far I haven't been able to do this and I'm getting quite the headache to be honest.
My code is becoming a living maze, i'll have to redo-it tomorrow I reckon.
Any ideas?
Cheers and thanks in advance
PS: Here's the Backoffice's Flash code for generating hashed passwords by the way:
var currentResult:ByteArray;
var hash:IHash = Crypto.getHash('sha256');
var data:ByteArray = Base64.decodeToByteArray(str + vatel);
currentResult = hash.hash(data);
return Base64.encodeByteArray(currentResult).toString();
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
后台代码不会对
(如您上面所写)
,相反,它所做的是
根据上面的步骤 1,尚不清楚输入字符串使用哪种字符编码。您需要确保两个系统对输入字符串使用相同的编码!在这种情况下,UTF8、UTF16-LE 或 UTF16-BE 会带来天壤之别!
首先找出在 iOS 端使用的正确字符编码。
哦,Matt Gallagher 为在 iOS 上使用的哈希值编写了一个易于使用的包装类,HashValue.m,我用过,效果不错。
The backoffice code does not do
(as you wrote above)
Instead, what it does is
As per step 1 above, it's a unclear what kind of character encoding the input strings uses. You need to make sure that both systems use the same encoding for the input strings! UTF8, UTF16-LE or UTF16-BE makes a world of a difference in this case!
Start by finding out the correct character encoding to use on the iOS side.
Oh, and Matt Gallagher has written an easy to use wrapper class for hashes to use on iOS, HashValue.m, I've used it with good results.