Original source: http://stackoverflow.com/questions/14630566/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Decrypt SHA1 value with C#
Asked by user2019423
I have a PHP web service that I've discovered is passing my C# a SHA-1 encrypted value. The sample data that is passed to me is "8cb2237d0679ca88db6464eac60da96345513964" which I know translates to "12345".
How do I translate the hashed value back to "12345" with code similar to the following?
    public static string HashCode(string str)
    {
        string rethash = "";
        try
        {
            System.Security.Cryptography.SHA1 hash = System.Security.Cryptography.SHA1.Create();
            System.Text.ASCIIEncoding encoder = new System.Text.ASCIIEncoding();
            byte[] combined = encoder.GetBytes(str);
            hash.ComputeHash(combined);
            rethash = Convert.ToBase64String(hash.Hash);
        }
        catch (Exception ex)
        {
            string strerr = "Error in HashCode : " + ex.Message;
        }
        return rethash;
    }
EDIT
Here is some Ruby code that is also working with "8cb2237d0679ca88db6464eac60da96345513964" and "12345"
    require "digest/sha1"

    class User
      attr_accessor :password

      def initialize(password)
        @password = hash_password(password)
      end

      def hash_password(password)
        Digest::SHA1.hexdigest(password)
      end

      def valid_password?(password)
        @password == hash_password(password)
      end
    end

    u = User.new("12345")
    p u.password # => "8cb2237d0679ca88db6464eac60da96345513964"
    p u.valid_password?("not valid") # => false
    p u.valid_password?("12345") # => true
Answered by Avitus
You can't decrypt a SHA1 hash because it's a one-way hash.
Another example of one-way hashing is MD5.
Answered by Nickolay Olshevsky
Hashing is not a reversible operation, like encryption.
Answered by Justin Donohoo
Hashing is not encryption. Hashing is one way, and is used in most cases to verify data integrity.
Answered by KingCronus
12345 will always come out as 8cb2237d0679ca88db6464eac60da96345513964 with a straight hash.
This means that if you made a database of every possible result, you could in theory look up the result and from that see what the original input to the sha1 function was.
This is a security problem, with issues like Dictionary Attacks and Rainbow tables being possible (http://en.wikipedia.org/wiki/Rainbow_table).
To get around that, you should never use an unsalted hash. i.e. you always customise your hash using a value known to you.
For example sha1("12345" + "mySalt").
Now your hash is easy for you to work out, but not the same as every other person in the world who has used sha1.
Technically speaking, you should also never reuse the same salt twice either, but that is a more complicated concept.
EDIT: As owlstead points out below, PBKDF2 and a random salt should be used, rather than a static one and a hash. Far better for security.
Answered by Jim Counts
The ruby code that you posted doesn't appear to be reversing a hash.
What it seems to be doing is this:
Get the password text, hash it and store it.
Later, when it wants to check that the "user" entered the same password again, it gets the password text from the user, hashes it, and compares the hash value to the stored hash value.
This is a common way to store and check passwords. Instead of "dehashing" the stored value for comparison, you hash the new value and compare the two hash values.
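Answered by Coder
The code you are looking for is this:
    // Requires: using System; using System.Security.Cryptography; using System.Text;
    SHA1 sha = new SHA1CryptoServiceProvider();
    ASCIIEncoding encoder = new ASCIIEncoding();
    byte[] combined = encoder.GetBytes(pin);
    // BitConverter.ToString yields "8C-B2-..."; strip the dashes and lowercase it
    // so it matches the lowercase hex value shown in the question.
    string hash = BitConverter.ToString(sha.ComputeHash(combined)).Replace("-", "").ToLowerInvariant();
Where pin is the unhashed value, and hash is the value you want compared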
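Added example (not part of any answer above, and not code from the original posts): the compare-by-rehashing check Jim Counts describes, applied to the hex value from the question, followed by the PBKDF2-with-random-salt storage that KingCronus's edit recommends. It assumes .NET 6 or later; the class and method names, the `iterations:salt:key` record layout and the iteration count are choices made for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PasswordCheck
{
    const int Iterations = 600_000; // assumed work factor, tune for your hardware

    // Legacy check: hash the candidate exactly as the service does, then compare digests.
    public static bool MatchesLegacySha1(string candidate, string storedHex)
    {
        byte[] actual = SHA1.HashData(Encoding.UTF8.GetBytes(candidate));
        return TryHex(storedHex, out byte[] expected)
            && CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    // New records: PBKDF2-HMAC-SHA256 with a fresh random salt per password.
    public static string Protect(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] key = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32);
        return $"{Iterations}:{Convert.ToHexString(salt)}:{Convert.ToHexString(key)}";
    }

    public static bool Verify(string password, string record)
    {
        string[] p = record.Split(':');
        if (p.Length != 3 || !int.TryParse(p[0], out int n) || n <= 0) return false;
        if (!TryHex(p[1], out byte[] salt) || !TryHex(p[2], out byte[] expected)) return false;
        if (salt.Length == 0 || expected.Length == 0) return false;
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, n, HashAlgorithmName.SHA256, expected.Length);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    // Malformed stored values are treated as "no match" rather than thrown to the caller.
    static bool TryHex(string hex, out byte[] bytes)
    {
        try { bytes = Convert.FromHexString(hex); return true; }
        catch (FormatException) { bytes = Array.Empty<byte>(); return false; }
    }

    static void Main()
    {
        Console.WriteLine(MatchesLegacySha1("12345", "8cb2237d0679ca88db6464eac60da96345513964"));
        string record = Protect("12345"); // sample password taken from the question
        Console.WriteLine(record);
        Console.WriteLine(Verify("12345", record));
        Console.WriteLine(Verify("not valid", record));
    }
}
```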