duanlan3598
duanlan3598
2016-12-07 03:03

RFC2898DeriveBytes vs Golang PBKDF2

  • net
已采纳

Here is my C# Rfc2898DeriveBytes

using System;
using System.Text;
using System.Security.Cryptography;

public class Program
{
    public static void Main()
    {
        byte[] saltBytes = Encoding.Unicode.GetBytes("47687");
        Console.WriteLine(Convert.ToBase64String(saltBytes));

        byte[] passBytes = Encoding.Unicode.GetBytes("123456");
        Console.WriteLine(Convert.ToBase64String(passBytes));

        Rfc2898DeriveBytes k1 = new Rfc2898DeriveBytes(passBytes, saltBytes, 1000);
        byte[] hashbyte = k1.GetBytes(32);

        Console.WriteLine(Convert.ToBase64String(hashbyte));
    }
}

Result is NAA3ADYAOAA3AA== MQAyADMANAA1ADYA aOyDnGG22ebqGmMvY7zQwdT+UKF6hUUmAt2Uc0jj2io=

My golang code is

package main

import (
    "crypto/sha1"
    "fmt"
    "golang.org/x/crypto/pbkdf2"
    b64 "encoding/base64"
)

var (
    PasswordSecuritySalt       = "47687"
    PasswordSecurityIterations = 1000
    PasswordSecurityKeylen     = 32
)

func HashPassword(str string) string {
    hashedPassword := pbkdf2.Key([]byte(str), []byte(PasswordSecuritySalt), PasswordSecurityIterations, PasswordSecurityKeylen, sha1.New)
    return  b64.StdEncoding.EncodeToString(hashedPassword)
}

func main() {
    password := "123456"
    fmt.Println(PasswordSecuritySalt + " " + password)
    fmt.Println(HashPassword(password))

}

Result is 47687 123456 EVqb1dCe8p+iVEquNjJmHhSjruGATNQX73F6msXivM8=

Why golang result hash password is different with C#. Please help me.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答

  • duan1396 duan1396 5年前

    .NET is using UTF-16 strings, so each character is represented by at least 2 bytes, while Go is using UTF-8 strings.

    C#:

    Encoding.Unicode.GetBytes("47687") // [52 0 55 0 54 0 56 0 55 0]
    

    Go:

    []byte("47687") // [52 55 54 56 55]
    

    If you want to get the same results in your Go application as in C#, you'll have to convert Go strings to UTF-16 byte slices:

    package main
    
    import (
        "crypto/sha1"
        b64 "encoding/base64"
        "encoding/binary"
        "fmt"
        "golang.org/x/crypto/pbkdf2"
        "unicode/utf16"
    )
    
    var (
        PasswordSecuritySalt       = "47687"
        PasswordSecurityIterations = 1000
        PasswordSecurityKeylen     = 32
    )
    
    func stringToUTF16Bytes(s string) []byte {
        runes := utf16.Encode([]rune(s))
        bytes := make([]byte, len(runes)*2)
        for i, r := range runes {
            binary.LittleEndian.PutUint16(bytes[i*2:], r)
        }
        return bytes
    }
    
    func HashPassword(str string) string {
        hashedPassword := pbkdf2.Key(stringToUTF16Bytes(str), stringToUTF16Bytes(PasswordSecuritySalt), PasswordSecurityIterations, PasswordSecurityKeylen, sha1.New)
        return b64.StdEncoding.EncodeToString(hashedPassword)
    }
    
    func main() {
        fmt.Println(HashPassword("123456"))
    }
    
    点赞 评论 复制链接分享