How to reproduce the System.Security.Cryptography.SHA1Managed result in Python

Here's the deal: I'm moving the .NET site to Python. I have a password hash database using the System.Security.Cryptography.SHA1Managed utility.

I am creating a hash in .NET with the following code:

string hashedPassword = Cryptographer.CreateHash("MYHasher", userInfo.Password);

The MYHasher block is as follows:

<add algorithmType="System.Security.Cryptography.SHA1Managed, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=blahblahblah"
    saltEnabled="true" type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.HashAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=3.0.0.0, Culture=neutral, PublicKeyToken=daahblahdahdah"
    name="MYHasher" />

So, for this password, I go back and save 48 bytes of salted sha1 in the database. I assume the last 8 bytes are salt. I tried to reproduce the hashing process in Python by doing sha1(salt + password) and sha1(password + salt), but I had no luck.

My question to you:

  • How are public keys used?
  • How to recover a password using salt.
  • How is salt created? (e.g. When I say saltEnabled = "true", what extra magic happens?)

, .NET, , .

!


, , SHA1, Enterprise Library, Java.

:

  • ?

    PublicKeyToken .net. 64- , , . . -.

  • .

    :

    • Cryptographer.CreateHash("MYHasher",value); "MYHasher" - System.Security.Cryptography.SHA1Managed, , value - , .

    • CreateHash(IHashProvider provider, string plaintext), IHashProvider. :

    
    byte[] bytes = Encoding.Unicode.GetBytes(plaintext);
    byte[] hash = provider.CreateHash(bytes);
    CryptographyUtility.GetRandomBytes(bytes);
    return Convert.ToBase64String(hash);
    
    
    • value, ( plaintext), , Unicode.

    • , SHA1 hash provider CreateHash(bytes) -, . :

    • this.CreateHashWithSalt(plaintext, (byte[]) null);, plaintext , value, . - ( ). :

    
    this.AddSaltToPlainText(ref salt, ref plaintext);
    byte[] hash = this.HashCryptographer.ComputeHash(plaintext);
    this.AddSaltToHash(salt, ref hash);
    return hash;
    
    
    • this.AddSaltToPlainText(ref salt, ref plaintext) - , . :
    
    if (!this.saltEnabled)
        return;
    if (salt == null)
        salt = CryptographyUtility.GetRandomBytes(16);
    plaintext = CryptographyUtility.CombineBytes(salt, plaintext);
    
    
    • this.saltEnabled saltEnabled="true" . true, , 16 ( API C).
    • plaintext . : [] [ ]

!

  • plaintext SHA1-, this.HashCryptographer.ComputeHash(plaintext);. 20 .

  • ​​ 20- , , this.AddSaltToHash(salt, ref hash);, 36 .

  • , return Convert.ToBase64String(hash); CreateHash(). Base64 SHA1 + , .

: Base64 ( + SHA1 ( + ))

  1. ? (, saltEnabled = "true", ?)

    2, CryptographyUtility.GetRandomBytes(16);, C:

    [DllImport("QCall", CharSet = CharSet.Unicode)]
    private static extern void GetBytes(SafeProvHandle hProv, byte[] randomBytes, int count);

, !

+3

, - sha1 (password + salt) + salt. SHA-1 , 48 28- , 8- , .

+1

When using the overload string CreateHash(string, string), the following happens:

  • The string is converted to bytes using UTF-16 (using Encoding.Unicode.GetBytes()).
  • Random 16-byte salt is produced.
  • Salt is added to the converted string and hashed.
  • Salt is added to the hash.
  • Hash + salt is converted back to string using base64 (using Convert.ToBase64String()).
+1
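
The steps listed in the answers above, written out as an added Python example (not code from the original posts or from Enterprise Library). It assumes the salt is prepended to the UTF-16LE password bytes, as in the `CombineBytes(salt, plaintext)` call shown above, and also prepended to the digest, which is an assumption because the body of `AddSaltToHash` is not shown on the page; the function names and sample values are constructed.

```python
import base64
import binascii
import hashlib
import hmac
import os
from typing import Optional

SALT_LEN = 16   # GetRandomBytes(16) in the decompiled snippet above
SHA1_LEN = 20   # size of a SHA-1 digest in bytes


def create_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Base64(salt + SHA1(salt + UTF-16LE(password))), per the steps above."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be 16 bytes")
    # Encoding.Unicode in .NET is UTF-16 little-endian without a BOM.
    plaintext = password.encode("utf-16-le")
    digest = hashlib.sha1(salt + plaintext).digest()
    # Assumed layout: salt first, then the 20-byte digest (36 bytes total).
    return base64.b64encode(salt + digest).decode("ascii")


def verify_hash(password: str, stored_b64: str) -> bool:
    """Check a password against a stored value in the layout assumed above."""
    try:
        raw = base64.b64decode(stored_b64, validate=True)
    except (binascii.Error, ValueError):
        return False
    if len(raw) != SALT_LEN + SHA1_LEN:
        return False
    # Recover the salt from the stored value and recompute with it.
    salt = raw[:SALT_LEN]
    expected = base64.b64decode(create_hash(password, salt))
    return hmac.compare_digest(expected, raw)


if __name__ == "__main__":
    # Constructed sample: fixed salt so the output is reproducible.
    sample = create_hash("hunter2", bytes(range(16)))
    print(sample, len(sample))            # 36 raw bytes -> 48 base64 chars
    print(verify_hash("hunter2", sample))
```

The 36 raw bytes encode to 48 base64 characters, which matches the 48-character value the question describes. A single salted SHA-1 is fast to brute-force, so a migration would normally verify logins against the legacy value once and then re-store the password under a dedicated password hashing function.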

Source: https://habr.com/ru/post/1697440/

