我正在尝试使用 SHA-512 算法在 SQL Server 2008 中实现对密码进行散列和加盐的解决方案。该解决方案基于 Michael Coles 所著的“Expert SQL Server 2008 Encryption”一书。根据他的示例,我能够在 Visual Studio 2010(C# 中的 .NET 3.5)中构建项目并部署到 SQL Server 2008(如下面的代码所示)。
using System;
using System.Data;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using Microsoft.SqlServer.Server;
using System.Security.Cryptography;
namespace Apress.Samples
{
public partial class CustomEncryption
{
[Microsoft.SqlServer.Server.SqlFunction
(
IsDeterministic = true,
DataAccess = DataAccessKind.None
)]
public static SqlBytes SaltedHash
(
SqlString Algorithm,
[SqlFacet(MaxSize = -1)] SqlBytes PlainText,
SqlBytes Salt
)
{
// Return NULL if any of the parameters is NULL
if (Algorithm.IsNull || PlainText.IsNull || Salt.IsNull)
return SqlBytes.Null;
// Determine which algorithm to use
bool HashDefined = true;
HashAlgorithm Hash = null;
switch (Algorithm.Value.ToUpper())
{
case "SHA256":
Hash = new SHA256Managed();
break;
case "SHA384":
Hash = new SHA384Managed();
break;
case "SHA512":
Hash = new SHA512Managed();
break;
default:
HashDefined = false;
break;
}
if (!HashDefined)
throw new Exception
("Unsupported hash algorithm - use SHA256, SHA384 or SHA512");
// Combine the plaintext with the salt
byte[] PlainTextWithSalt = new byte[PlainText.Length + Salt.Length];
for (long i = 0; i < Salt.Length; i++)
PlainTextWithSalt[i] = Salt[i];
for (long i = Salt.Length; i < PlainText.Length; i++)
PlainTextWithSalt[i] = PlainText.Value[i - Salt.Length];
// Generate the hash and return the result
byte[] HashBytes = Hash.ComputeHash(PlainTextWithSalt);
return new SqlBytes(HashBytes);
}
}
}
当我使用下面的代码从 SQL 执行测试时,每个算法都会按预期生成哈希。
DECLARE @plaintext varchar(15);
SET @plaintext = 'ABCDEFGHIJ';
DECLARE @salt varbinary(16);
SET @salt = Crypt_Gen_Random(16);
DECLARE @sha256 varbinary(32)
DECLARE @sha384 varbinary(48)
DECLARE @sha512 varbinary(64)
SELECT @sha256 = dbo.SaltedHash('SHA256', CAST(@plaintext AS varbinary(max)), @salt);
SELECT @sha384 = dbo.SaltedHash('SHA384', CAST(@plaintext AS varbinary(max)), @salt);
SELECT @sha512 = dbo.SaltedHash('SHA512', CAST(@plaintext AS varbinary(max)), @salt);
SELECT 'SHA-256' AS algorithm, @sha256 AS hash
UNION ALL
SELECT 'SHA-384', @sha384
UNION ALL
SELECT 'SHA-512', @sha512;
我想用它来验证登录,我假设我需要检索为用户记录存储的盐值并将其传递给 SaltedHash 函数,它将返回散列值。从那里,我会将函数返回的散列值与存储在用户记录中的散列值进行比较。
我遇到的问题是当我测试传递硬编码的盐值('0x0E5ECC235FF6BD7337FFDDE5799D4EEA')以及明文('ABCDEFGHIJ')以模拟检索散列值(例如用于比较散列密码)时。如果我提供具有相同硬编码盐值的 ('1234567890') 的明文值,它将返回完全相同的哈希值。实际上,任何 10 个字符的明文值都会返回相同的散列值。
DECLARE @plaintext varchar(15);
SET @plaintext = 'ABCDE12345';
DECLARE @salt varbinary(16);
SET @salt = 0x0E5ECC235FF6BD7337FFDDE5799D4EEA; // Hardcoded salt value!
SELECT @salt
DECLARE @sha256 varbinary(32)
DECLARE @sha384 varbinary(48)
DECLARE @sha512 varbinary(64)
SELECT @sha256 = dbo.SaltedHash('SHA256', CAST(@plaintext AS varbinary(max)), @salt);
SELECT @sha384 = dbo.SaltedHash('SHA384', CAST(@plaintext AS varbinary(max)), @salt);
SELECT @sha512 = dbo.SaltedHash('SHA512', CAST(@plaintext AS varbinary(max)), @salt);
SELECT 'SHA-256' AS algorithm, @sha256 AS hash
UNION ALL
SELECT 'SHA-384', @sha384
UNION ALL
SELECT 'SHA-512', @sha512;
我假设问题在于“将明文与盐结合”代码,但不确定。
关于如何解决这个问题的任何想法?