我一直在从 .NET 中为 ColdFusion 寻找与以下方法/功能等效的方法。我有在数据库上运行 ASP.NET 站点的 ASP 成员表。ColdFusion 站点使用相同的数据库。我们的想法是使用 ColdFusion 站点使用的当前数据库开发一个 ASP 站点。这两个站点将并行运行至少 3-6 个月,允许用户从任一站点进行连接。用户的创建也可以发生在任一方。从 .NET 我对其进行了排序。但在 ColdFusion 中,我仍在苦苦挣扎。
private string GenerateSalt() {
var buf = new byte[16];
(new RNGCryptoServiceProvider()).GetBytes(buf);
return Convert.ToBase64String(buf);
}
我发现了一些非常简单的东西。它可能不是相同的加密服务,但它生成与上述相同的长度和格式。
GenerateSecretKey("AES")
就那么简单。也许这可能会在将来对某人有所帮助。
There is no pure CF equivalent. However, the java equivalent is SecureRandom:
A cryptographically strong random number minimally complies with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1. Additionally, SecureRandom must produce non-deterministic output. Therefore any seed material passed to a SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong, as described in RFC 1750: Randomness Recommendations for Security.
Example:
<cfscript>
provider = createObject("java", "java.security.SecureRandom").getInstance("SHA1PRNG");
bytes = javacast("byte[]", listToArray(repeatString("0,", 16)));
provider.nextBytes( bytes ) ;
saltInBase64 = binaryEncode( bytes, "base64");
</cfscript>