PasswordHasher gives different hash result after dotnet 7 update

Question


We have updated our ASP.NET Core 6 application to dotnet 7 and password hashing gives different results than before.
Our configuration with dotnet 6 was:

    private static readonly IPasswordHasher<object> s_passwordHasher = new PasswordHasher<object>(Options.Create(new PasswordHasherOptions
    {
        CompatibilityMode = PasswordHasherCompatibilityMode.IdentityV3,
        IterationCount = 10000
    }));

The dotnet 7 update went through with minor problems, nothing that could cause this. I've already checked the breaking changes but found nothing there either.

We try to check the password with the VerifyHashedPassword method like this and it always gives "Failed".

    result.Status =
        user.Password != null && PasswordHelper.VerifyHashedPassword(user.Password, query.Password) == PasswordVerificationResult.Success ?
        AuthenticateUserStatus.Successful :
        AuthenticateUserStatus.Failed;

How can I get back the hashing algorithm used by dotnet6?

Answer 1

Score: 2


The difference between .NET 7 and .NET 6 is that .NET 7 adds code which requires SHA512 now. If you want to use the .NET 6 password hasher, please modify your code to use the old one instead of the new one, or modify your code to use SHA512 to encrypt the password.

For details, you can refer to the code below:

.NET 7:

    case 0x01:
        if (VerifyHashedPasswordV3(decodedHashedPassword, providedPassword, out int embeddedIterCount, out KeyDerivationPrf prf))
        {
            // If this hasher was configured with a higher iteration count, change the entry now.
            if (embeddedIterCount < _iterCount)
            {
                return PasswordVerificationResult.SuccessRehashNeeded;
            }

            // V3 now requires SHA512. If the old PRF is SHA1 or SHA256, upgrade to SHA512 and rehash.
            if (prf == KeyDerivationPrf.HMACSHA1 || prf == KeyDerivationPrf.HMACSHA256)
            {
                return PasswordVerificationResult.SuccessRehashNeeded;
            }

            return PasswordVerificationResult.Success;
        }
        else
        {
            return PasswordVerificationResult.Failed;
        }

.NET 6:

    case 0x01:
        int embeddedIterCount;
        if (VerifyHashedPasswordV3(decodedHashedPassword, providedPassword, out embeddedIterCount))
        {
            // If this hasher was configured with a higher iteration count, change the entry now.
            return (embeddedIterCount < _iterCount)
                ? PasswordVerificationResult.SuccessRehashNeeded
                : PasswordVerificationResult.Success;
        }
        else
        {
            return PasswordVerificationResult.Failed;
        }
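
Added example, not part of the original answer or of the ASP.NET Core source: a stand-alone decoder and verifier for the Identity V3 hash layout, showing that the PRF and iteration count are read from the stored hash itself and then checked against the .NET 7 rehash rules quoted above. The `V3Hash` class and its method names are hypothetical; the layout assumed is the format marker 0x01, then big-endian PRF id, iteration count and salt length, then salt and subkey.

```csharp
using System;
using System.Buffers.Binary;
using System.Security.Cryptography;

// Constructed sample: a hash built with HMAC-SHA256 and 10000 iterations, then checked
// against a hasher configured for 100000 iterations (values chosen for illustration).
string stored = V3Hash.Create("correct horse", prf: 1, iterations: 10000);
Console.WriteLine(V3Hash.Verify(stored, "correct horse", configuredIterations: 100000));
Console.WriteLine(V3Hash.Verify(stored, "wrong guess", configuredIterations: 100000));

static class V3Hash // hypothetical helper, not an ASP.NET Core type
{
    // PRF ids as stored in the header: 0 = HMACSHA1, 1 = HMACSHA256, 2 = HMACSHA512.
    static HashAlgorithmName Prf(uint id) => id switch
    {
        0 => HashAlgorithmName.SHA1, 1 => HashAlgorithmName.SHA256, 2 => HashAlgorithmName.SHA512,
        _ => throw new FormatException($"unknown PRF id {id}")
    };

    public static string Create(string password, uint prf, int iterations)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] subkey = Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, Prf(prf), 32);
        byte[] blob = new byte[13 + salt.Length + subkey.Length];
        blob[0] = 0x01; // format marker: Identity V3
        BinaryPrimitives.WriteUInt32BigEndian(blob.AsSpan(1), prf);
        BinaryPrimitives.WriteUInt32BigEndian(blob.AsSpan(5), (uint)iterations);
        BinaryPrimitives.WriteUInt32BigEndian(blob.AsSpan(9), (uint)salt.Length);
        salt.CopyTo(blob, 13);
        subkey.CopyTo(blob, 13 + salt.Length);
        return Convert.ToBase64String(blob);
    }

    public static (bool Verified, uint Prf, int Iterations, bool RehashNeeded) Verify(string storedBase64, string password, int configuredIterations)
    {
        byte[] blob = Convert.FromBase64String(storedBase64);
        if (blob.Length < 13 || blob[0] != 0x01) throw new FormatException("not a V3 hash");
        uint prf = BinaryPrimitives.ReadUInt32BigEndian(blob.AsSpan(1));
        int iter = (int)BinaryPrimitives.ReadUInt32BigEndian(blob.AsSpan(5));
        int saltLen = (int)BinaryPrimitives.ReadUInt32BigEndian(blob.AsSpan(9));
        if (saltLen < 16 || blob.Length - 13 - saltLen < 16) throw new FormatException("bad lengths");
        byte[] salt = blob[13..(13 + saltLen)];
        byte[] expected = blob[(13 + saltLen)..];
        // Derive with the parameters embedded in the hash, not the configured ones.
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, iter, Prf(prf), expected.Length);
        bool ok = CryptographicOperations.FixedTimeEquals(actual, expected);
        // Same rule as the .NET 7 branch: lower count or SHA1/SHA256 PRF means rehash.
        return (ok, prf, iter, ok && (iter < configuredIterations || prf != 2));
    }
}
```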

huangapple
  • Posted on February 16, 2023, 16:42:30
  • Please keep this link when reposting: https://go.coder-hub.com/75469689.html