pbkdf2

问题 Consider the following java code: KeySpec spec = new PBEKeySpec("pass".toCharArray(), "salt".getBytes(), 10000, 512); SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); System.out.println(f.generateSecret(spec).getEncoded().length); This code outputs " 64 ". So 64 bytes, while SHA-256 is a 32 byte hash. I know I specified 512 bits (64 byte) as the key length. However I would expect that the generated key (PBKDF2) will be hashed by SHA-256 so that the output should

问题 I'm tasked with building a consumer of an API that requires an encrypted token with a seed value that is the UNIX time. The example I was shown was implemented using Java which I'm unfamiliar with, and after reading through documentation and other stack articles have been unable to find a solution. Using the javax.crypto.SecretKey , javax.crypto.SecretKeyFactory , javax.crypto.spec.PBEKeySpec , and javax.crypto.spec.SecretKeySpec protocols, I need to generate a token similar to the below:

问题 I need to generate in PHP the same hash as as the PBKDF2WithHmacSHA256 algorithm generates in Java. I did some research and found two functions that seem to be connected to PBKDF2 and HMAC : hash_pbkdf2 - http://php.net/manual/en/function.hash-pbkdf2.php hash_hmac - http://php.net/manual/en/function.hash-hmac.php What PHP functions should I use? Is it even possible with native PHP functions? Edit #1 My Java code, the same result I need achieve in PHP public static byte[] derivateKey(char[]

问题 I have a problem in hand to decrypt the AES encrypted cipher-text which specifications are following The cipher-text consists of: · 256 bytes of RFC2898-derived salt, followed by a message that was AES-encrypted using password, 'password' and derived IV. Sample Message is "This is my secret string, lorem ipsum" and password is "password" which is encrypted using C# code This message is decrypting fine with following c# code private static readonly int SALT_SIZE = 256; public static void

问题 I'm trying to set up password salting on our website, and found the PBKDF2 functions at https://defuse.ca/php-pbkdf2.htm When I try it, I get: Fatal error: mcrypt_create_iv(): Could not gather sufficient random data in include\PBKDF2.php on line 23 I'm not sure if I need to do anything to make this work. It's running on IIS7.5 回答1: For those who are still facing error: Fatal Error: Call to undefined function mcrypt_create_iv() Please check the phpversion and correspondingly make sure to go to

问题 I'm in the middle of development and I need to test my login/password api. Problem is in the database the password is encrypted. I have the following information. key iteration salt Is this enough to recover the password? By the way I can edit these values as well if that will help. 回答1: I think you misunderstood, how a password API works. You cannot reverse a properly hashed password, but you can validate an entered password against the stored hash. To validate the entered password, you need

问题 I want to generate a derived hash of a password using PBKDF2 with SHA256. with this SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1") this work but it use SHA1. With SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256") (or SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256","SC") when with spongycastle) i have an error. How can i succeed to generate a hash using PBKDF2WithHmacSHA256? 回答1: If you use version 1.47 or higher of SpongyCastle, you can invoke PBKDF2WithHmacSHA256 directly:

问题 Does anyone know of a SQL implementation of PBKDF2? (I'd rather not use an external library like, for example, ChillKat's ActiveX component.) 回答1: PBKDF2 is built into the .NET framework as System.Security.Cryptography.Rfc2898DeriveBytes. It's straightforward to create a SQL CLR function that wraps a call to this class' GetBytes method. I realize you were looking for a solution that doesn't require an external library but at least this limits the dependency an assembly that simply wraps

问题 I have a .NET web site built using MVC that has a user-management module. This module generates user passwords hashed conforming to the RFC2898 spec and stores them in a db. The specific implementation I'm using is the quick and convenient method found in System.Web.Helpers.Crypto.HashPassword() . Looking at the source code for that method as found here, it is wrapping a call to the Rfc2898DeriveBytes class, which actually creates the hash. So far so good. The problem I'm facing is that we

问题 I have a .NET web site built using MVC that has a user-management module. This module generates user passwords hashed conforming to the RFC2898 spec and stores them in a db. The specific implementation I'm using is the quick and convenient method found in System.Web.Helpers.Crypto.HashPassword() . Looking at the source code for that method as found here, it is wrapping a call to the Rfc2898DeriveBytes class, which actually creates the hash. So far so good. The problem I'm facing is that we