vb.net 加密/解密存储在紧凑数据库中的密码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/19433608/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
encrypting/decrypting a password stored on a compact database
提问by Jose M.
My project contains 2 forms, one to register users and one to login. I am using a compact local database to store the passwords. I wrote a function to encrypt the password when the user registers. I then wrote another to decrypt the same password when the user logs in.
我的项目包含 2 个表单,一个用于注册用户,一个用于登录。我正在使用一个紧凑的本地数据库来存储密码。我写了一个函数来在用户注册时加密密码。然后我写了另一个在用户登录时解密相同的密码。
The first part, encryption, works just fine. The user registers, and I can see the password encrypted on the database. However, when I try to log in, the password is not being decrypted. Here are my Functions.
第一部分,加密,工作得很好。用户注册,我可以看到在数据库上加密的密码。但是,当我尝试登录时,密码没有被解密。这是我的功能。
Module EncryptionModule
Public Function base64Encode(ByVal sData As String) As String
Try
Dim encData_Byte As Byte() = New Byte(sData.Length - 1) {}
encData_Byte = System.Text.Encoding.UTF8.GetBytes(sData)
Dim encodedData As String = Convert.ToBase64String(encData_Byte)
Return (encodedData)
Catch ex As Exception
Throw (New Exception("Error is base64Encode" & ex.Message))
End Try
End Function
Public Function base64Decode(ByVal sData As String) As String
Dim encoder As New System.Text.UTF8Encoding()
Dim utf8Decode As System.Text.Decoder = encoder.GetDecoder()
Dim todecode_byte As Byte() = Convert.FromBase64String(sData)
Dim charCount As Integer = utf8Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length)
Dim decoded_char As Char() = New Char(charCount - 1) {}
utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0)
Dim result As String = New [String](decoded_char)
Return result
End Function
End Module
This is the routine to register a user and encrypting the password:
这是注册用户和加密密码的例程:
Private Sub btnRegister_Click(sender As Object, e As EventArgs) Handles btnRegister.Click
'If the username is taken or used on the
'database, then create account
If MasterTableAdapter.CheckUserName(txtUserName.Text) = Nothing Then
Dim pwd As String = base64Encode(Trim(txtConfirmPassword.Text))
MasterTableAdapter.CreateAccount(txtFName.Text, txtLName.Text, txtUserName.Text, pwd, int1)
MsgBox("An account has been created for: " & vbNewLine & _
"Employee: " & txtFName.Text & " " & txtLName.Text & vbNewLine & _
"User Name: " & txtUserName.Text & vbNewLine & _
"Access Level: " & strAccessLevel)
Me.Close()
Else
MessageBox.Show("The username is in use. Please select another username.", "Authentication Error", MessageBoxButtons.OK, _
MessageBoxIcon.Error)
End If
End Sub
Here is the routine to log in and decrypt the password from the Login Form:
这是从登录表单登录和解密密码的例程:
Private Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
Private Sub btnLogin_Click(sender As Object, e As EventArgs) 处理 btnLogin.Click
Dim pwd As String = base64Decode(Trim(txtPassword.Text))
If Not MasterTableAdapter.Login(txtUserName.Text, pwd) = Nothing Then
'frmWelcomePage.Show()
MsgBox("SUCCESS")
Else
'If no match, display error, clear text boxes and send focus back to the username text box.
MessageBox.Show("Username or password do not match", "Authentication Failure", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
txtPassword.Text = Nothing
txtUserName.Text = Nothing
txtUserName.Focus()
End If
End if
End Sub
I am new to the whole encryption arena so I don't know what I am doing wrong here.
我是整个加密领域的新手,所以我不知道我在这里做错了什么。
回答by podiluska
You shouldn't decrypyt the password.
你不应该解密密码。
When the user creates a password, you should generate a hash (ie: a value from which the password can not be reconstructed)
当用户创建密码时,您应该生成一个哈希值(即:无法重建密码的值)
When the user attempts to login, you should compare the hash value of the given password with the stored hash.
当用户尝试登录时,您应该将给定密码的哈希值与存储的哈希值进行比较。
回答by ??ssa P?ngj?rdenlarp
First, Base64 encoding is notencryption. Many people can look at a B64 string and know what to do to unscramble it. You should look into hash techniques as podiluska suggested.
首先,Base64 编码不是加密。很多人看到 B64 字符串就知道如何解读它。您应该按照 podiluska 的建议研究哈希技术。
That said, since your Decode method cant unscramble what you encode, it means you have an error in one or the other. Simple encoding for what you are doing can be done:
也就是说,由于您的 Decode 方法无法解读您编码的内容,这意味着您在其中一个或另一个中存在错误。可以对您正在做的事情进行简单编码:
Dim s As String = "MySecretPassword"
' convert to byte array
Dim bArry() As Byte = System.Text.Encoding.UTF8.GetBytes(s)
' convert bytes to Base64:
Dim sb64 As String = System.Convert.ToBase64String(barry)
To decode is just the reverse:
解码正好相反:
' Base64 -> Byte Array
Dim bOut() As Byte = System.Convert.FromBase64String(sb64)
' Byte Arry -> clear text
Dim sOut As String = System.Text.Encoding.UTF8.GetString(bOut)
