1

I have to generate password hash with SSHA512 which could work with Postfix. I have hash generator written in Python and i need to rewrite it to C#. I wrote some code in c# that generating hash but Postfix could not verify generated password.

Python code:

def generate_ssha512_password(p):
"""Generate salted SHA512 password with prefix '{SSHA512}'.
Return SSHA instead if python is older than 2.5 (not supported in module hashlib)."""
p = str(p).strip()
try:
    from hashlib import sha512
    salt = os.urandom(8)
    pw = sha512(p)
    pw.update(salt)
    return '{SSHA512}' + b64encode(pw.digest() + salt)

And My C# code version 1:

        public static string CreateSalt(int size)
    {
        //Generate a cryptographic random number.
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        byte[] buff = new byte[size];
        rng.GetBytes(buff);
        return Convert.ToBase64String(buff);
    }
        public static string GenerateHash(string input, string salt)
    {
        byte[] bytes = Encoding.UTF8.GetBytes(input + salt);
        SHA512 sHA512ManagedString = new SHA512Managed();
        byte[] hash = sHA512ManagedString.ComputeHash(bytes);
        return Convert.ToBase64String(hash);
    }

C# code version 2:

        public static byte[] CreateSaltRaw(int size)
    {
        //Generate a cryptographic random number.
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        byte[] buff = new byte[size];
        rng.GetBytes(buff);
        return buff;
    }
    public static string GenerateHash2(string input, byte[] salt)
    {
        byte[] bytes = Encoding.UTF8.GetBytes(input + Convert.ToBase64String(salt));
        SHA512 sHA512ManagedString = new SHA512Managed();
        byte[] hash = sHA512ManagedString.ComputeHash(bytes);
        List<byte> pass = hash.ToList();
        foreach (var s in salt)
        {
            pass.Add(s);
        }
        //return Convert.ToBase64String(hash);
        return Convert.ToBase64String(pass.ToArray());
    }

In version 1 generated hash is shorten than hash generated in Python. In version 2 length is same. Unfortunetly both versions doesn't work in Postfix. Generated hash can't be verified.

Values i get:

Password: texas

Python generated password:

Q5RlBLOCizu/o/iI7NrzqI1lIvMJ5lLngPH1zdeYSdbA+G+wzNcCTwPOwEG/oKM5P3bqrBcm5gLDSdBO3IjnplWHbgqgTBvV

C#:

raw salt values v1:

0xed 0x01 0x97 0x7b 0xc2 0xec 0x29 0x76

encoded salt v1:

7Q+Xe8LsKXY=

encode salt + pass v1 :

2EXXraKRShKwOOb9TYU4hoXVQPhhujaK2dJVe8/n423tW3dOBBdycUPBluMmRtkNELIocAIkRKR6Rk+R5T43rw==
4

1 回答 1

1

From the posted result of the Python code

Q5RlBLOCizu/o/iI7NrzqI1lIvMJ5lLngPH1zdeYSdbA+G+wzNcCTwPOwEG/oKM5P3bqrBcm5gLDSdBO3IjnplWHbgqgTBvV

the following can be derived as salt after Base64 decoding:

55876e0aa04c1bd5 (hex encoded) or VYduCqBMG9U= (Base64 encoded)

In the C# code, first salt and password must be encoded:

byte[] salt = Convert.FromBase64String("VYduCqBMG9U="); 
byte[] password = Encoding.ASCII.GetBytes("texas"); // Here the encoding of the Python code must be used

Before hashing, both byte[] must be concatenated. Since the concatenation of byte[] is needed again later, it's useful to implement a helper method:

private static byte[] join(byte[] b1, byte[] b2)
{
    byte[] b = new byte[b1.Length + b2.Length];
    Buffer.BlockCopy(b1, 0, b, 0, b1.Length);
    Buffer.BlockCopy(b2, 0, b, b1.Length, b2.Length);
    return b;
}

Thus the hashing is performed as follows:

HashAlgorithm algorithm = new SHA512Managed();
byte[] passwordSalt = join(password, salt);
byte[] hash = algorithm.ComputeHash(passwordSalt);

Before the Base64 encoding, hash and salt must be concatenated:

byte[] hashSalt = join(hash, salt);
string hashSaltB64 = Convert.ToBase64String(hashSalt); // Q5RlBLOCizu/o/iI7NrzqI1lIvMJ5lLngPH1zdeYSdbA+G+wzNcCTwPOwEG/oKM5P3bqrBcm5gLDSdBO3IjnplWHbgqgTBvV

To process a random salt you can use e.g. your CreateSaltRaw method and simply replace

byte[] salt = Convert.FromBase64String("VYduCqBMG9U=");

by

byte[] salt = CreateSaltRaw(8);
于 2020-08-11T10:23:03.347 回答