1

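My project has 2 forms, one for registering users and one for logging in. I'm using a compact local database to store passwords. I wrote a function that encrypts the password when a user registers. Then I wrote another one that decrypts the same password when the user logs in.

The first part, encryption, works fine. The user registers, and I can see the encrypted password in the database. However, when I try to log in, the password does not get decrypted. Here are my functions.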

Module EncryptionModule

    Public Function base64Encode(ByVal sData As String) As String

        Try
            Dim encData_Byte As Byte() = New Byte(sData.Length - 1) {}
            encData_Byte = System.Text.Encoding.UTF8.GetBytes(sData)
            Dim encodedData As String = Convert.ToBase64String(encData_Byte)
            Return (encodedData)

        Catch ex As Exception

            Throw (New Exception("Error is base64Encode" & ex.Message))

        End Try


    End Function

    Public Function base64Decode(ByVal sData As String) As String

        Dim encoder As New System.Text.UTF8Encoding()
        Dim utf8Decode As System.Text.Decoder = encoder.GetDecoder()
        Dim todecode_byte As Byte() = Convert.FromBase64String(sData)
        Dim charCount As Integer = utf8Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length)
        Dim decoded_char As Char() = New Char(charCount - 1) {}
        utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0)
        Dim result As String = New [String](decoded_char)
        Return result

    End Function

End Module

Here is the routine that registers a user and encrypts the password:

Private Sub btnRegister_Click(sender As Object, e As EventArgs) Handles btnRegister.Click

    'If the username is not already in the
    'database, then create the account
    If MasterTableAdapter.CheckUserName(txtUserName.Text) = Nothing Then

        Dim pwd As String = base64Encode(Trim(txtConfirmPassword.Text))

        MasterTableAdapter.CreateAccount(txtFName.Text, txtLName.Text, txtUserName.Text, pwd, int1)

        MsgBox("An account has been created for: " & vbNewLine & _
        "Employee: " & txtFName.Text & " " & txtLName.Text & vbNewLine & _
        "User Name: " & txtUserName.Text & vbNewLine & _
        "Access Level: " & strAccessLevel)

        Me.Close()

    Else

        MessageBox.Show("The username is in use. Please select another username.", "Authentication Error", MessageBoxButtons.OK, _
                        MessageBoxIcon.Error)

    End If

End Sub

Here is the routine that logs in from the login form and decrypts the password:

Private Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click

    Dim pwd As String = base64Decode(Trim(txtPassword.Text))

    If Not MasterTableAdapter.Login(txtUserName.Text, pwd) = Nothing Then
        'frmWelcomePage.Show()

        MsgBox("SUCCESS")

    Else

        'If no match, display error, clear text boxes and send focus back to the username text box.
        MessageBox.Show("Username or password do not match", "Authentication Failure", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
        txtPassword.Text = Nothing
        txtUserName.Text = Nothing

        txtUserName.Focus()

    End If

End Sub

I'm new to the whole encryption field, so I don't know what I'm doing wrong here.

4

2 Answers

4

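You shouldn't be decrypting passwords.

When the user creates a password, you should generate a hash (i.e., a value from which the password cannot be reconstructed).

When the user tries to log in, you should compare the hash of the given password with the stored hash.

Answered 2013-10-17T17:45:05.700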
3

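First, Base64 encoding is not encryption. Many people can look at a B64 string and know how to unscramble it. You should look into hashing techniques as podiluska suggested.

That said, since your Decode method cannot unscramble what you encoded, it means you have an error in one or the other. A simple encoding of what you are doing can be done like this: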

Dim s As String = "MySecretPassword"

' convert to byte array
Dim bArry() As Byte = System.Text.Encoding.UTF8.GetBytes(s)
' convert bytes to Base64:
Dim sb64 As String = System.Convert.ToBase64String(barry)

Decoding is just the reverse:

' Base64 -> Byte Array
Dim bOut() As Byte = System.Convert.FromBase64String(sb64)
' Byte Array -> clear text
Dim sOut As String = System.Text.Encoding.UTF8.GetString(bOut)
Answered 2013-10-17T20:00:32.787