-2
我试图解密存储在Asp.Net身份“密码”字段中的密码。我这样做,但出现错误“要解密的数据的长度无效”。密码存储为“1000:salt:password”。试图解密时出现“解密数据的长度无效”错误
public string DecryptPassword(string hashedPassword)
{
char[] delimiter = { ':' };
string[] split = hashedPassword.Split(delimiter);
//get byte representation of string
byte[] hash = Convert.FromBase64String(split[2]);
byte[] salt = new byte[SIZE_OF_SECRETKEY];
Rfc2898DeriveBytes pwdGen = new Rfc2898DeriveBytes(hash, salt, 1000);
RijndaelManaged _RijndaelManaged = new RijndaelManaged();
_RijndaelManaged.BlockSize = 256;
byte[] key = pwdGen.GetBytes(_RijndaelManaged.KeySize/8); //This will generate a 256 bits key
byte[] iv = pwdGen.GetBytes(_RijndaelManaged.BlockSize/8); //This will generate a 256 bits IV
_RijndaelManaged.Key = key;
_RijndaelManaged.IV = iv;
byte[] plainText2 = null;
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, _RijndaelManaged.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(hash, 0, hash.Length);
}
plainText2 = ms.ToArray();
}
//Decrypted text
return System.Text.Encoding.Unicode.GetString(plainText2);
}
散列做出与此代码:
HashPassword(string password)
{
RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider();
byte[] salt = new byte[SIZE_OF_SECRETKEY];
csprng.GetBytes(salt);
// Hash the password and encode the parameters
byte[] hash = PBKDF2(password, salt, ITERATIONS, HASH_SIZE);
return ITERATIONS + ":" + Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash);
}
我看到盐和一些迭代。是什么让你认为密码是加密的而不是散列?如果它确实被散列,那么你不能解密它。 –
如果您使用asp.net身份提供程序存储它,为什么不使用身份提供程序来解密它?你确定它是一个***加密的密码,你正在存储,而不是***散列密码?你不能“解密”散列密码。 – Kritner
@CodesInChaos:是啊:)但是,这给了我答案:)编辑:不,但在这里得到严肃的dejavu。 – leppie