2016年12月7日 11:03:46go评论87阅读模式

英文:

Rfc2898DeriveBytes vs golang pbkdf2

问题

这是我的C# Rfc2898DeriveBytes代码：

using System;
using System.Text;
using System.Security.Cryptography;

public class Program
{
    public static void Main()
    {
        byte[] saltBytes = Encoding.Unicode.GetBytes("47687");
        Console.WriteLine(Convert.ToBase64String(saltBytes));
        
        byte[] passBytes = Encoding.Unicode.GetBytes("123456");
        Console.WriteLine(Convert.ToBase64String(passBytes));
        
        Rfc2898DeriveBytes k1 = new Rfc2898DeriveBytes(passBytes, saltBytes, 1000);
        byte[] hashbyte = k1.GetBytes(32);
        
        Console.WriteLine(Convert.ToBase64String(hashbyte));
    }
}

结果是：
NAA3ADYAOAA3AA==
MQAyADMANAA1ADYA
aOyDnGG22ebqGmMvY7zQwdT+UKF6hUUmAt2Uc0jj2io=

我的Golang代码是：

package main

import (
    "crypto/sha1"
    "fmt"
    "golang.org/x/crypto/pbkdf2"
    b64 "encoding/base64"
)

var (
    PasswordSecuritySalt       = "47687"
    PasswordSecurityIterations = 1000
    PasswordSecurityKeylen     = 32
)

func HashPassword(str string) string {
    hashedPassword := pbkdf2.Key([]byte(str), []byte(PasswordSecuritySalt), PasswordSecurityIterations, PasswordSecurityKeylen, sha1.New)
    return b64.StdEncoding.EncodeToString(hashedPassword)
}

func main() {
    password := "123456"
    fmt.Println(PasswordSecuritySalt + " " + password)
    fmt.Println(HashPassword(password))

}

结果是：
47687 123456
EVqb1dCe8p+iVEquNjJmHhSjruGATNQX73F6msXivM8=

为什么Golang的结果与C#不同？请帮助我。

英文:

Here is my C# Rfc2898DeriveBytes

using System;
using System.Text;
using System.Security.Cryptography;
					
public class Program
{
	public static void Main()
	{
		byte[] saltBytes = Encoding.Unicode.GetBytes(&quot;47687&quot;);
		Console.WriteLine(Convert.ToBase64String(saltBytes));
		
		byte[] passBytes = Encoding.Unicode.GetBytes(&quot;123456&quot;);
		Console.WriteLine(Convert.ToBase64String(passBytes));
		
		Rfc2898DeriveBytes k1 = new Rfc2898DeriveBytes(passBytes, saltBytes, 1000);
		byte[] hashbyte = k1.GetBytes(32);
		
		Console.WriteLine(Convert.ToBase64String(hashbyte));
	}
}

Result is
NAA3ADYAOAA3AA==
MQAyADMANAA1ADYA
aOyDnGG22ebqGmMvY7zQwdT+UKF6hUUmAt2Uc0jj2io=

My golang code is

package main

import (
	&quot;crypto/sha1&quot;
	&quot;fmt&quot;
	&quot;golang.org/x/crypto/pbkdf2&quot;
	b64 &quot;encoding/base64&quot;
)

var (
	PasswordSecuritySalt       = &quot;47687&quot;
	PasswordSecurityIterations = 1000
	PasswordSecurityKeylen     = 32
)

func HashPassword(str string) string {
	hashedPassword := pbkdf2.Key([]byte(str), []byte(PasswordSecuritySalt), PasswordSecurityIterations, PasswordSecurityKeylen, sha1.New)
	return	b64.StdEncoding.EncodeToString(hashedPassword)
}

func main() {
	password := &quot;123456&quot;
	fmt.Println(PasswordSecuritySalt + &quot; &quot; + password)
	fmt.Println(HashPassword(password))

}

Result is
47687 123456
EVqb1dCe8p+iVEquNjJmHhSjruGATNQX73F6msXivM8=

Why golang result hash password is different with C#. Please help me.

答案1

得分: 12

.NET使用UTF-16字符串，所以每个字符至少由2个字节表示，而Go使用UTF-8字符串。

C#:

Encoding.Unicode.GetBytes("47687") // [52 0 55 0 54 0 56 0 55 0]

Go:

[]byte("47687") // [52 55 54 56 55]

如果你想在Go应用程序中获得与C#相同的结果，你需要将Go字符串转换为UTF-16字节切片：

package main

import (
    "crypto/sha1"
    b64 "encoding/base64"
    "encoding/binary"
    "fmt"
    "golang.org/x/crypto/pbkdf2"
    "unicode/utf16"
)

var (
    PasswordSecuritySalt       = "47687"
    PasswordSecurityIterations = 1000
    PasswordSecurityKeylen     = 32
)

func stringToUTF16Bytes(s string) []byte {
    runes := utf16.Encode([]rune(s))
    bytes := make([]byte, len(runes)*2)
    for i, r := range runes {
        binary.LittleEndian.PutUint16(bytes[i*2:], r)
    }
    return bytes
}

func HashPassword(str string) string {
    hashedPassword := pbkdf2.Key(stringToUTF16Bytes(str), stringToUTF16Bytes(PasswordSecuritySalt), PasswordSecurityIterations, PasswordSecurityKeylen, sha1.New)
    return b64.StdEncoding.EncodeToString(hashedPassword)
}

func main() {
    fmt.Println(HashPassword("123456"))
}

英文:

.NET is using UTF-16 strings, so each character is represented by at least 2 bytes, while Go is using UTF-8 strings.

C#:

Encoding.Unicode.GetBytes(&quot;47687&quot;) // [52 0 55 0 54 0 56 0 55 0]

Go:

[]byte(&quot;47687&quot;) // [52 55 54 56 55]

If you want to get the same results in your Go application as in C#, you'll have to convert Go strings to UTF-16 byte slices:

package main

import (
    &quot;crypto/sha1&quot;
    b64 &quot;encoding/base64&quot;
    &quot;encoding/binary&quot;
    &quot;fmt&quot;
    &quot;golang.org/x/crypto/pbkdf2&quot;
    &quot;unicode/utf16&quot;
)

var (
    PasswordSecuritySalt       = &quot;47687&quot;
    PasswordSecurityIterations = 1000
    PasswordSecurityKeylen     = 32
)

func stringToUTF16Bytes(s string) []byte {
    runes := utf16.Encode([]rune(s))
    bytes := make([]byte, len(runes)*2)
    for i, r := range runes {
        binary.LittleEndian.PutUint16(bytes[i*2:], r)
    }
    return bytes
}

func HashPassword(str string) string {
    hashedPassword := pbkdf2.Key(stringToUTF16Bytes(str), stringToUTF16Bytes(PasswordSecuritySalt), PasswordSecurityIterations, PasswordSecurityKeylen, sha1.New)
    return b64.StdEncoding.EncodeToString(hashedPassword)
}

func main() {
    fmt.Println(HashPassword(&quot;123456&quot;))
}

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

Rfc2898DeriveBytes与golang的pbkdf2

问题

答案1

使用Golang在远程命令中以交互式shell方式执行nsenter来调试Docker容器。

Go：解析多变的YAML

How to iterate int range concurrently

可执行文件未从PATH变量中搜索到。

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论