问题
I made an account on my web app (Symfony2 with FOSUserBundle) and registered with the password "lolwut" (without the quotes).
These are the settings in my security.yml config:
security:
encoders:
FOS\UserBundle\Model\UserInterface:
algorithm: sha512
iterations: 1
encode_as_base64: false
The resulting data:
Hashed password:
f57470574dbf29026821519b19539d1c2237e4315d881fa412da978af554740c6b284062a9a4af7d0295d18ebea8ef2e152cf674b283f792fe0b568a93f969cf
Salt:
kuc5bixg5u88s4k8ggss4osoksko0g8
Now, since the iterations are set on 1, I am assuming that encoding "lolwut" in SHA512 in C# will give me the same result, here's my logic:
string salt = "kuc5bixg5u88s4k8ggss4osoksko0g8";
string input = "lolwut";
string passAndSalt = String.Concat(input, salt);
System.String Hashed = System.BitConverter.ToString(((System.Security.Cryptography.SHA512)new System.Security.Cryptography.SHA512Managed()).ComputeHash(System.Text.Encoding.ASCII.GetBytes(passAndSalt))).Replace("-", "");
return passAndSalt + "<br>" + Hashed;
However, this returns the following value that doesn't match the FOSUserBundle hashed password at all:
82E8CA0408B23DB50EB654EDB50A7926AC73613184054DB82FB6D67CD4186B7A045D265AEDE6E3852CD85B981F15F6615C1C0C6FBF443B1672DF59DE23557BD9
I know I must be doing something wrong somewhere, but I can't for the life of me figure out what it is, and it's driving me nuts. Could anyone help me out here, please?
回答1:
Symfony merges password and salt as password{salt}, so this code will return the same hash:
string salt = "kuc5bixg5u88s4k8ggss4osoksko0g8";
string input = "lolwut";
string passAndSalt = String.Format("{0}{{{1}}}", input, salt);
System.String Hashed = System.BitConverter.ToString(((System.Security.Cryptography.SHA512)new System.Security.Cryptography.SHA512Managed()).ComputeHash(System.Text.Encoding.ASCII.GetBytes(passAndSalt))).Replace("-", "");
// Hashed.ToLower()
来源:https://stackoverflow.com/questions/14325341/symfony2-fosuserbundle-sha512-hash-doesnt-match-c-sharp-sha512-hash