问题
I've got the following code, which hashes a password as inputted by the user, and subsequently stores it in an SQL Server database:
Byte[] originalPassword;
Byte[] hashedPassword;
MD5CryptoServiceProvider md5Hasher = new MD5CryptoServiceProvider();
UTF8Encoding encoder = new UTF8Encoding();
originalPassword = encoder.GetBytes(passwordBox.Text);
hashedPassword = md5Hasher.ComputeHash(originalPassword);
command.Parameters.Add(new SqlParameter("Password", hashedPassword));
command.ExecuteNonQuery();
My problem is that I've got a number of plaintext passwords already stored in the database. How exactly am I to modify them into this new hashed format, since they appear as '0xA99ED....'?
回答1:
The output of any hash function is a collection of bytes, not a collection of text. So when you enter text as a test you are probably entering a text conversion of that byte array. Simply converting it in SQL to a binary(16) is not correct, you need to do a proper conversion, which is something you cannot do in SQL. This also explains why changing the datatype of the column doesn't work either.
When hashes are expressed as strings it's usually via hex values of each byte, or via a character set encoder. In order to switch between them you need to figure out which one is in use and perform the conversion in code, not by switching the datatypes in SQL
回答2:
try this out first create a Windows form with 2 buttons and 2 text boxes
1st button label Encrypt
2nd button label Validate
**--- Hashing using the MD5 class ---**
use the following code below
/// <summary>
/// take any string and encrypt it using MD5 then
/// return the encrypted data
/// </summary>
/// <param name="data">input text you will enterd to encrypt it</param>
/// <returns>return the encrypted text as hexadecimal string</returns>
private string GetMD5HashData(string data)
{
//create new instance of md5
MD5 md5 = MD5.Create();
//convert the input text to array of bytes
byte[] hashData = md5.ComputeHash(Encoding.Default.GetBytes(data));
//create new instance of StringBuilder to save hashed data
StringBuilder returnValue = new StringBuilder();
//loop for each byte and add it to StringBuilder
for (int i = 0; i < hashData.Length; i++)
{
returnValue.Append(hashData[i].ToString());
}
// return hexadecimal string
return returnValue.ToString();
}
/// <summary>
/// encrypt input text using MD5 and compare it with
/// the stored encrypted text
/// </summary>
/// <param name="inputData">input text you will enterd to encrypt it</param>
/// <param name="storedHashData">the encrypted text
/// stored on file or database ... etc</param>
/// <returns>true or false depending on input validation</returns>
private bool ValidateMD5HashData(string inputData, string storedHashData)
{
//hash input text and save it string variable
string getHashInputData = GetMD5HashData(inputData);
if (string.Compare(getHashInputData, storedHashData) == 0)
{
return true;
}
else
{
return false;
}
}
回答3:
This method works great, returns a string from the MD5 hash using LINQ. This worked for MailChimp API 3.0 whereas the previous code that returned the byte array did not.
public static string GetMd5HashData(string yourString )
{
return string.Join("", MD5.Create().ComputeHash(Encoding.ASCII.GetBytes(yourString)).Select(s => s.ToString("x2")));
}
Found here: http://rion.io/2013/02/23/generating-an-md5-hash-from-a-string-using-linq/
回答4:
Here is the VB.NET version using LINQ (for those who are still using VB.NET):
Public Function GenerateMD5(ByVal plainText As String) As String
Return String.Join("", System.Security.Cryptography.MD5.Create().ComputeHash(System.Text.Encoding.ASCII.GetBytes(plainText)).Select(Function(x) x.ToString("x2")))
End Function
来源:https://stackoverflow.com/questions/8065616/asp-net-hash-password-using-md5