PasswordHasher gives different hash result after dotnet 7 update
Question
We have updated our ASP.NET Core 6 application to dotnet 7 and password hashing gives different results than before.

Our configuration with dotnet 6 was:

    private static readonly IPasswordHasher<object> s_passwordHasher = new PasswordHasher<object>(Options.Create(new PasswordHasherOptions
    {
        CompatibilityMode = PasswordHasherCompatibilityMode.IdentityV3,
        IterationCount = 10000
    }));

The dotnet 7 update went through with minor problems, nothing that could cause this. I've already checked the breaking changes but found nothing there either.

We try to check the password with the VerifyHashedPassword method like this and it always gives "Failed".

    result.Status =
        user.Password != null && PasswordHelper.VerifyHashedPassword(user.Password, query.Password) == PasswordVerificationResult.Success ?
            AuthenticateUserStatus.Successful :
            AuthenticateUserStatus.Failed;

How can I get back the hashing algorithm used by dotnet 6?
Answer 1
Score: 2
The difference between .NET 7 and .NET 6 is that .NET 7 added code which requires SHA512 now. If you want to use the .NET 6 password hasher, please modify your code to use the old one instead of the new one, or modify your code to use SHA512 to encrypt the password.

For details, you can refer to the code below:
.NET 7:

    case 0x01:
        if (VerifyHashedPasswordV3(decodedHashedPassword, providedPassword, out int embeddedIterCount, out KeyDerivationPrf prf))
        {
            // If this hasher was configured with a higher iteration count, change the entry now.
            if (embeddedIterCount < _iterCount)
            {
                return PasswordVerificationResult.SuccessRehashNeeded;
            }

            // V3 now requires SHA512. If the old PRF is SHA1 or SHA256, upgrade to SHA512 and rehash.
            if (prf == KeyDerivationPrf.HMACSHA1 || prf == KeyDerivationPrf.HMACSHA256)
            {
                return PasswordVerificationResult.SuccessRehashNeeded;
            }

            return PasswordVerificationResult.Success;
        }
        else
        {
            return PasswordVerificationResult.Failed;
        }

.NET 6:

    case 0x01:
        int embeddedIterCount;
        if (VerifyHashedPasswordV3(decodedHashedPassword, providedPassword, out embeddedIterCount))
        {
            // If this hasher was configured with a higher iteration count, change the entry now.
            return (embeddedIterCount < _iterCount)
                ? PasswordVerificationResult.SuccessRehashNeeded
                : PasswordVerificationResult.Success;
        }
        else
        {
            return PasswordVerificationResult.Failed;
        }
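
Added example, not part of the original question or answer and not ASP.NET Core's own code: the .NET 7 branch quoted above returns `SuccessRehashNeeded` for a stored V3 hash whose PRF is HMACSHA1 or HMACSHA256, so a caller that compares only against `Success` reports such a login as failed. The sketch below reads the PRF and iteration count embedded in a stored hash and treats both success values as authenticated, returning a fresh hash to persist. `PasswordCheck`, `ReadV3Header`, `Verify`, and the shape of `AuthenticateUserStatus` are assumptions made for illustration.

```csharp
using System;
using System.Buffers.Binary;
using Microsoft.AspNetCore.Cryptography.KeyDerivation;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;

// Stand-in for the question's enum (assumed shape).
public enum AuthenticateUserStatus { Successful, Failed }

public static class PasswordCheck // hypothetical helper, not the asker's PasswordHelper
{
    private static readonly object s_user = new(); // placeholder; the default hasher does not read it
    private static readonly IPasswordHasher<object> s_hasher = new PasswordHasher<object>(
        Options.Create(new PasswordHasherOptions
        {
            CompatibilityMode = PasswordHasherCompatibilityMode.IdentityV3,
            IterationCount = 10000 // value from the question
        }));

    // V3 layout: 0x01 marker, then big-endian uint32 PRF, iteration count, salt length.
    public static (KeyDerivationPrf Prf, uint Iterations)? ReadV3Header(string storedHash)
    {
        byte[] raw = Convert.FromBase64String(storedHash);
        if (raw.Length < 13 || raw[0] != 0x01) return null; // not a V3 hash
        return ((KeyDerivationPrf)BinaryPrimitives.ReadUInt32BigEndian(raw.AsSpan(1, 4)),
                BinaryPrimitives.ReadUInt32BigEndian(raw.AsSpan(5, 4)));
    }

    // Both success values authenticate; on SuccessRehashNeeded the caller stores UpgradedHash.
    public static (AuthenticateUserStatus Status, string? UpgradedHash) Verify(
        string? storedHash, string providedPassword)
    {
        if (storedHash is null) return (AuthenticateUserStatus.Failed, null);
        return s_hasher.VerifyHashedPassword(s_user, storedHash, providedPassword) switch
        {
            PasswordVerificationResult.Success => (AuthenticateUserStatus.Successful, null),
            PasswordVerificationResult.SuccessRehashNeeded =>
                (AuthenticateUserStatus.Successful, s_hasher.HashPassword(s_user, providedPassword)),
            _ => (AuthenticateUserStatus.Failed, null)
        };
    }
}
```

Running `ReadV3Header` over stored hashes before and after a login shows which accounts still carry an older PRF and which have been rehashed.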