C# 和 Javascript 之间的 SHA-256 哈希值不同
我目前正在开展一个项目,该项目将涉及基于数据库行的信用卡刷卡录取.与遗嘱调用系统一样,CC 号码的 SHA-256 哈希值必须与 DB 行中的哈希值匹配才能被视为正确取件".
I am currently working on a project that will involve credit card swipes for admissions based on database rows. Like a will call system, the SHA-256 hash of the CC number must match the hash in the DB row in order to be considered the "proper pickup".
但是,因为票房系统是基于浏览器的,取货时的CC号必须在客户端散列,使用Javascript,然后对比之前下载的会调用数据.
However, because the box office system is based in the browser, the CC number on pickup must be hashed client-side, using Javascript, and then compared to the previously downloaded will call data.
但是,当尝试对数字进行散列时,散列总是与创建 DB 行时散列的不同(使用 VB.NET 和 SQL Server 2008 R2).例如,如果数据库中的 CC 编号碰巧是 444433322221111,那么来自 .NET 的结果哈希将变为 xU6sVelMEme0N8aEcCKlNl5cG25kl8Mo5pzTowExenM=.
However when trying to hash the numbers, the hash always ends up different than what was hashed when the DB row was created (using VB.NET and SQL Server 2008 R2). For example, if a CC number in the database happened to be 4444333322221111, then the resulting hash from .NET would become xU6sVelMEme0N8aEcCKlNl5cG25kl8Mo5pzTowExenM=.
但是,当使用任何我能找到的 Javascript SHA-256 哈希库时,生成的哈希总是NbjuSagE7lHVQzKSZG096bHtQoMLscYAXyuCXX0Wtw0=.
However, when using any SHA-256 hash library for Javascript I could find, the resulting hash would always be NbjuSagE7lHVQzKSZG096bHtQoMLscYAXyuCXX0Wtw0=.
我假设这是某种 Unicode/UTF-8 问题,但无论我尝试什么,我都无法得到相同的哈希值,这让我开始抓狂.任何人都可以提供任何建议吗?
I'm assuming this is some kind of Unicode/UTF-8 issue, but no matter what I try I cannot get the hashes to come out the same and it's starting to drive me crazy. Can anyone offer any advice?
以下内容可能会提供一些见解.请到 http://www.insidepro.com/hashes.php?lang=enga> 并插入4444333322221111"在密码框中没有引号.然后,向下滚动到 SHA-256 部分.
Here's something that may provide some insight. Please go to http://www.insidepro.com/hashes.php?lang=eng and insert "4444333322221111" without quotes into the Password box. Afterwards, scroll down to the SHA-256 section.
您可以看到有四个结果,其中两个是我发布的哈希码(从上数第二个是 Javascript 哈希,底部一个是 SQL 哈希).根据该页面,底部哈希结果是使用 base 64 字符串生成的,并将密码转换为 unicode 格式.
You can see that there are four results, two of them are the hash codes I posted (the second from the top being the Javascript hash and the bottom one being the SQL hash). According to that page, the bottom hash result is generated using a base 64 string, as well as making the password into unicode format.
我对此进行了调查,并尝试了许多不同的函数来将密码编码为 unicode 格式,但无论我尝试进行什么小调整或使用其他函数,我都无法让它与我需要的哈希码相匹配.
I've investigated this and tried many different functions to encode the password into unicode format, but no matter what little tweaks I try or other functions I make, I could never get it to match the hash code I need.
我目前正在调查在服务器端调用 SHA-256 函数时使用的参数.
I am currently investigating the parameters used when calling the SHA-256 function on the server side.
更新:
所以为了确保我没有发疯,我在调试时在即时窗口中运行了我用于 CC 数字的哈希方法.同样,结果仍然与以前相同.您可以在此处查看屏幕截图:http://i.imgur.com/raEyX.png
So just to make sure I wasn't crazy, I ran the Hash method I'm using for the CC numbers in the immediate window while debugging. Again, the result remains the same as before. You can see a screenshot here: http://i.imgur.com/raEyX.png
推荐答案
Adam Liss提到 .NET/SQL Server 中字符串之间的字节数组与 Javascript 中的字符串不同..NET 中字符串 4444333322221111 的数组看起来像 [52 0 52 0 52 0 52 0 51 0 51 0... etc.] 而同样的东西在 Javascript 中看起来像 [5252 52 52 51 51 51 51...].因此,对于不同的字节数组,会生成不同的哈希值.
Adam Liss had it right when he mentioned the byte arrays between strings in .NET/SQL Server are different than strings in Javascript. The array in .NET for the string 4444333322221111 would look like [52 0 52 0 52 0 52 0 51 0 51 0... etc.] and the same thing in Javascript would just look like [52 52 52 52 51 51 51 51...]. Thus, with different byte arrays, different hashes were generated.
我能够通过修改 此处的 base 64 SHA-256 散列算法为我的应用程序解决此问题,每次从字符串中提取一个字符以生成哈希.
I was able to remedy this for my application by modifying the base 64 SHA-256 hashing algorithm from here, where each character is pulled from the string one at a time in order to generate the hash.
我没有让它这样做,而是首先将字符串转换为类似 unicode 的字节数组(如上面的 .NET 示例,52 0 52 0 等),将该数组提供给散列算法而不是字符串,并做了一些非常小的调整,以便它抓取每个数组成员来生成散列.瞧,它奏效了,现在我有一种非常方便的方法来散列 CC 数字,其方式与 .NET 框架相同,以便快速轻松地查找订单.
Rather than having it do it this way, I first converted the string into a unicode-like byte array (like the .NET example above, 52 0 52 0 etc), fed that array to the hashing algorithm instead of the string, and did some very minor tweaks in order for it to grab each array member to generate the hash. Low and behold, it worked and now I have a very convenient method of hashing CC numbers in the same fashion as the .NET framework for quick and easy order lookup.
相关文章