英文:
Rfc2898DeriveBytes vs golang pbkdf2
问题
这是我的C# Rfc2898DeriveBytes代码:
using System;
using System.Text;
using System.Security.Cryptography;
public class Program
{
public static void Main()
{
byte[] saltBytes = Encoding.Unicode.GetBytes("47687");
Console.WriteLine(Convert.ToBase64String(saltBytes));
byte[] passBytes = Encoding.Unicode.GetBytes("123456");
Console.WriteLine(Convert.ToBase64String(passBytes));
Rfc2898DeriveBytes k1 = new Rfc2898DeriveBytes(passBytes, saltBytes, 1000);
byte[] hashbyte = k1.GetBytes(32);
Console.WriteLine(Convert.ToBase64String(hashbyte));
}
}
结果是:
NAA3ADYAOAA3AA==
MQAyADMANAA1ADYA
aOyDnGG22ebqGmMvY7zQwdT+UKF6hUUmAt2Uc0jj2io=
我的Golang代码是:
package main
import (
"crypto/sha1"
"fmt"
"golang.org/x/crypto/pbkdf2"
b64 "encoding/base64"
)
var (
PasswordSecuritySalt = "47687"
PasswordSecurityIterations = 1000
PasswordSecurityKeylen = 32
)
func HashPassword(str string) string {
hashedPassword := pbkdf2.Key([]byte(str), []byte(PasswordSecuritySalt), PasswordSecurityIterations, PasswordSecurityKeylen, sha1.New)
return b64.StdEncoding.EncodeToString(hashedPassword)
}
func main() {
password := "123456"
fmt.Println(PasswordSecuritySalt + " " + password)
fmt.Println(HashPassword(password))
}
结果是:
47687 123456
EVqb1dCe8p+iVEquNjJmHhSjruGATNQX73F6msXivM8=
为什么Golang的结果与C#不同?请帮助我。
英文:
Here is my C# Rfc2898DeriveBytes
using System;
using System.Text;
using System.Security.Cryptography;
public class Program
{
public static void Main()
{
byte[] saltBytes = Encoding.Unicode.GetBytes("47687");
Console.WriteLine(Convert.ToBase64String(saltBytes));
byte[] passBytes = Encoding.Unicode.GetBytes("123456");
Console.WriteLine(Convert.ToBase64String(passBytes));
Rfc2898DeriveBytes k1 = new Rfc2898DeriveBytes(passBytes, saltBytes, 1000);
byte[] hashbyte = k1.GetBytes(32);
Console.WriteLine(Convert.ToBase64String(hashbyte));
}
}
Result is
NAA3ADYAOAA3AA==
MQAyADMANAA1ADYA
aOyDnGG22ebqGmMvY7zQwdT+UKF6hUUmAt2Uc0jj2io=
My golang code is
package main
import (
"crypto/sha1"
"fmt"
"golang.org/x/crypto/pbkdf2"
b64 "encoding/base64"
)
var (
PasswordSecuritySalt = "47687"
PasswordSecurityIterations = 1000
PasswordSecurityKeylen = 32
)
func HashPassword(str string) string {
hashedPassword := pbkdf2.Key([]byte(str), []byte(PasswordSecuritySalt), PasswordSecurityIterations, PasswordSecurityKeylen, sha1.New)
return b64.StdEncoding.EncodeToString(hashedPassword)
}
func main() {
password := "123456"
fmt.Println(PasswordSecuritySalt + " " + password)
fmt.Println(HashPassword(password))
}
Result is
47687 123456
EVqb1dCe8p+iVEquNjJmHhSjruGATNQX73F6msXivM8=
Why golang result hash password is different with C#. Please help me.
答案1
得分: 12
.NET使用UTF-16字符串,所以每个字符至少由2个字节表示,而Go使用UTF-8字符串。
C#:
Encoding.Unicode.GetBytes("47687") // [52 0 55 0 54 0 56 0 55 0]
Go:
[]byte("47687") // [52 55 54 56 55]
如果你想在Go应用程序中获得与C#相同的结果,你需要将Go字符串转换为UTF-16字节切片:
package main
import (
"crypto/sha1"
b64 "encoding/base64"
"encoding/binary"
"fmt"
"golang.org/x/crypto/pbkdf2"
"unicode/utf16"
)
var (
PasswordSecuritySalt = "47687"
PasswordSecurityIterations = 1000
PasswordSecurityKeylen = 32
)
func stringToUTF16Bytes(s string) []byte {
runes := utf16.Encode([]rune(s))
bytes := make([]byte, len(runes)*2)
for i, r := range runes {
binary.LittleEndian.PutUint16(bytes[i*2:], r)
}
return bytes
}
func HashPassword(str string) string {
hashedPassword := pbkdf2.Key(stringToUTF16Bytes(str), stringToUTF16Bytes(PasswordSecuritySalt), PasswordSecurityIterations, PasswordSecurityKeylen, sha1.New)
return b64.StdEncoding.EncodeToString(hashedPassword)
}
func main() {
fmt.Println(HashPassword("123456"))
}
英文:
.NET is using UTF-16 strings, so each character is represented by at least 2 bytes, while Go is using UTF-8 strings.
C#:
Encoding.Unicode.GetBytes("47687") // [52 0 55 0 54 0 56 0 55 0]
Go:
[]byte("47687") // [52 55 54 56 55]
If you want to get the same results in your Go application as in C#, you'll have to convert Go strings to UTF-16 byte slices:
package main
import (
"crypto/sha1"
b64 "encoding/base64"
"encoding/binary"
"fmt"
"golang.org/x/crypto/pbkdf2"
"unicode/utf16"
)
var (
PasswordSecuritySalt = "47687"
PasswordSecurityIterations = 1000
PasswordSecurityKeylen = 32
)
func stringToUTF16Bytes(s string) []byte {
runes := utf16.Encode([]rune(s))
bytes := make([]byte, len(runes)*2)
for i, r := range runes {
binary.LittleEndian.PutUint16(bytes[i*2:], r)
}
return bytes
}
func HashPassword(str string) string {
hashedPassword := pbkdf2.Key(stringToUTF16Bytes(str), stringToUTF16Bytes(PasswordSecuritySalt), PasswordSecurityIterations, PasswordSecurityKeylen, sha1.New)
return b64.StdEncoding.EncodeToString(hashedPassword)
}
func main() {
fmt.Println(HashPassword("123456"))
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论