OpenLDAP SSHA 加密算法是 SHA-1 加密算法加盐的一种处理方法,具体算法是这样:{SSHA}+base64(SHA1(明文密码+盐)+盐)
从已加密密码中获取"盐"方法如下:
/// <summary>
/// 获取盐--也是4位数
/// </summary>
/// <param name="encryptStr"></param>
/// <returns></returns>
public static byte[] GetSalt(string encryptStr)
{
encryptStr = encryptStr.Replace("{SSHA}", string.Empty);
byte[] encryptByte = Convert.FromBase64String(encryptStr);
encryptByte = encryptByte.Skip(20).Take(encryptByte.Length - 20).ToArray();
return encryptByte;
}
加密:(这个盐是随机的,每个密码的盐是不同的)
public string StrEncrypt(string pwd, byte[] salt)
{
var sha1 = new SHA1Managed();
byte[] sha1Res = sha1.ComputeHash(Encoding.ASCII.GetBytes(pwd).Concat(salt).ToArray());
byte[] saltByte = salt;
byte[] joinByte = new byte[sha1Res.Length + saltByte.Length];
sha1Res.CopyTo(joinByte, 0);
saltByte.CopyTo(joinByte, sha1Res.Length);
string base64Str = Convert.ToBase64String(joinByte);
return "{SSHA}" + base64Str;
}
对比:
public bool ValidatePwd(string pwd, string encryptedPwd)
{
byte[] salt = GetSalt(encryptedPwd);
string encryptedPwd2 = StrEncrypt(pwd, salt);
if (encryptedPwd == encryptedPwd2)
{
return true;
}
return false;
}
测试代码:
string ssha = "{SSHA}/x7Dg5Gl29ApHre6bhbhkDNnRlr+g1LN";
byte[] temp = GetSalt(ssha);
string temps = StrEncrypt("pwd", temp);
if (ValidatePwd("pwd", ssha))
{
return "yes";
}
return temps;
网友评论