我正在使用BCrypt进行哈希和salt,并将其与存储在数据库中的哈希进行比较。似乎缺少带BCrypt的vb.net,这就是我为什么要问的原因。
因此,据我所知,当用户输入密码时,我们会生成一个散列和一个salt。然后我们将该散列与数据库中的散列进行比较,然而,由于我在网上没有发现任何关于vb.net的内容,我不确定如何做到这一点
这就是我到目前为止所拥有的。如果代码看起来很乱,那是因为我把它从Visual Studio复制粘贴到了这里,在VS上它看起来整洁。
现在我知道代码会有缺陷等等。我不那么担心,因为这是为了个人使用和学习。只需要学习如何使用BCrypt生成salt+hash,然后将其与已经生成的hash&我的数据库中有salt密码,但在如何进行和重做这段代码以及实现salt和salt的检查方面;哈希是一样的,我被卡住了。
Dim pw As String = TextBox_Password.Text
Dim Salt As String = BCrypt.Net.BCrypt.GenerateSalt(12)
Dim Hash As String = BCryot.Net.BCrypt.HashPassword(pw, salt)
Try
Connection.Open()
Dim SQLQuery
SQLQuery = "SELECT * FROM `core_members` where name='" & TextBox_Username & " ' and members_pass_hash='" & I don't know if you're meant to put Hash? here to hash the inputed password from the user? Or the TextBox_Password.Text & "'"
'As for the verify function... to compare the hashed password I do try to do this
If (BCRYpt.Net.BCrypt.Verify(pw, hash)) Then
Command1 = New MySqlCommand(SQLQuery, Connection)
READER = Command1.ExecuteReader
Dim Count As Integer
count = 0
While READER.read
count += 1
end while
READER.close()
If count = 1 then
'User Successfully Logged In
end if
'I definitely know the count = 1 etc probably not the best way to allow a user to login. I've seen something with MyData.HasRows or something like that to login?
'I know that the code above is probably no where near close to actually how it's done but as I said due to the lack of documentation with vb.net and BCrypt not making it easy.
清理登录功能的任何帮助都会很好,包括比较我数据库中的哈希密码。
我想向@Mary表示最大的感谢,感谢她为解决我迄今为止最大的问题提供了一个解决方案!非常感谢。
我之所以做出这个答案,是因为对我来说,有几个打字错误我必须纠正,但所有这些都归玛丽所有!
所以,首先我使用的是mysql.dat.dll,它使用Imports mysql。数据MySqlClient(它从Mary的代码中更改了一些内容(
导入地穴=BCRypt。网BCrypt-允许我们使用Crypt,而不必键入整个BCrypt。网B加密
请注意,如果你的文本框是空的,那么你会得到一个错误,对象引用没有设置为对象的实例。这是如果你在视觉工作室。如果您以普通用户身份运行程序,则不会发生这种情况。我会告诉用户确保他们已经输入了用户名和密码
Imports Crypt = BCRypt.Net.BCrypt
Private Sub VerifyPassword()
try
Dim Password As String = "TextBox_UserPassword"
Dim Hashword As String = ""
Using Conn As New MySqlCommand(Connection),
Command As New MySqlCommand("SELECT password FROM members where Username= @Username;", Conn)
Command.Parameters.Add("@Username", MySqlDbType.VarChar).Value = TextBox_Username
Conn.Open()
Hashword = Command.ExecuteScalar.ToString
End Using
Dim Result = Crypt.Verify(Password, Hashword)
If result = true then
MsgBox("Logged in")
else
MsgBox("Logged in Failed")
end if
Catch ex As Exception
MessageBox.Show(ex.Message) 'Optional'
MsgBox("Make sure have entered a Username or Password", vbcritical) 'If the textbox have nothing it will remind the user to make sure they enter a username or password'
End try
End Sub
我使用Sql Server来测试代码,因为这是我手边的东西。它对MySql的作用也是一样的。使用BCrypt,您不必单独存储盐。
Private Sub InsertNewUser()
Dim HashWord As String = BCrypt.Net.BCrypt.HashPassword(TextBox2.Text, BCrypt.Net.BCrypt.GenerateSalt(12))
Using cn As New SqlConnection(My.Settings.PublishCon),
cmd As New SqlCommand("Insert Into Users (UserName, Password) Values (@Name, @HashWord);", cn)
cmd.Parameters.Add("@Name", SqlDbType.VarChar, 100).Value = TextBox1.Text
cmd.Parameters.Add("@HashWord", SqlDbType.VarChar, 100).Value = HashWord
cn.Open()
cmd.ExecuteNonQuery()
End Using
End Sub
Private Sub VerifyPassword()
Dim pw As String = TextBox2.Text
Dim HashWord As String = ""
Using cn As New SqlConnection(My.Settings.PublishCon),
cmd As New SqlCommand("SELECT Password FROM Users where UserName= @UserName;", cn)
cmd.Parameters.Add("@UserName", SqlDbType.VarChar).Value = TextBox1.Text
cn.Open()
HashWord = cmd.ExecuteScalar.ToString
End Using
Dim result = BCrypt.Net.BCrypt.Verify(pw, HashWord)
If result Then
MessageBox.Show("Successful Login")
Else
MessageBox.Show("Sorry login failed")
End If
End Sub