SQL-Server Verify SHA2_512 散列程序
SQL-Server Verify SHA2_512 hash procedure
考虑这个方法
-- Repro for the mismatch: the same password text is hashed from a VARCHAR
-- literal (hashA) and from an NVARCHAR variable (hashB).
-- Value compared with a.Hash: 0x0200 + a.Salt + SHA2_512(password bytes + a.Salt).
-- NOTE(review): the password is written as a literal in the statement text, which
-- SQL Server can keep with the cached query text; a real check should take it as a
-- parameter.
DECLARE @pswd nvarchar(max);
SET @pswd = '2YKRCqHv';  -- VARCHAR literal, converted to NVARCHAR on assignment

SELECT
    a.Hash AS orig,
    -- VARCHAR input: the cast yields code-page bytes (one per character for this ASCII text)
    0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST('2YKRCqHv' AS varbinary(max)) + a.Salt) AS hashA,
    -- NVARCHAR input: the cast yields UTF-16 bytes (two per character here), so the digest differs
    0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST(@pswd AS varbinary(max)) + a.Salt) AS hashB
FROM DB AS a
WHERE a.Hash = 0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST('2YKRCqHv' AS varbinary(max)) + a.Salt)
   OR a.Hash = 0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST(@pswd AS varbinary(max)) + a.Salt);
输出:
orig 0x0200BB316075603286E929221B9C04411AEC602A98B295CC05FCFFA809C2B553A100F4EBD4AA6FB3458E0B7C7E6D6B36FEA4908DF0AECA5142A26FA06B30F125253E15D585EE
hashA 0x0200BB316075603286E929221B9C04411AEC602A98B295CC05FCFFA809C2B553A100F4EBD4AA6FB3458E0B7C7E6D6B36FEA4908DF0AECA5142A26FA06B30F125253E15D585EE
hashB 0x0200BB316075C91147A2AEC396358C3F950C7E930B8DF0F9AC05628E00A74663502EE7BFCE68AA7BA3EC8303AE65107C72CAEF95111DD85CE45F210291B2800141CA37863A09
为什么 A 和 B 不同?以及如何创建验证密码程序?
这是因为在 hashA 中,您是把 VARCHAR 通过 CAST 转换为 VARBINARY,而在 hashB 中,您是把 NVARCHAR 通过 CAST 转换为 VARBINARY。
前者是非 Unicode 字符串,两者转换出的字节不同,因此散列值也不同。
尝试:
-- Answer's variant: the literal is now N'...', so both expressions hash the same
-- UTF-16 bytes and hashA equals hashB.
-- NOTE(review): in the sample output above, orig equals the VARCHAR-based value, so a
-- row stored that way matches neither predicate below; verification must cast the
-- password to the same type that was used when the hash was stored.
-- NOTE(review): a VARCHAR cast depends on the code page and cannot represent every
-- character, so NVARCHAR on both the store and verify side is the safer pairing.
-- NOTE(review): one salted SHA2_512 pass is cheap to compute; for application
-- passwords a slow KDF (PBKDF2, bcrypt, scrypt, Argon2) is the usual choice.
-- NOTE(review): no predicate limits the check to one account (no such column is
-- shown here), so the password is tested against every row of DB.
DECLARE @pswd nvarchar(max);
SET @pswd = '2YKRCqHv';  -- VARCHAR literal, converted to NVARCHAR on assignment

SELECT
    a.Hash AS orig,
    0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST(N'2YKRCqHv' AS varbinary(max)) + a.Salt) AS hashA,
    0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST(@pswd AS varbinary(max)) + a.Salt) AS hashB
FROM DB AS a
WHERE a.Hash = 0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST(N'2YKRCqHv' AS varbinary(max)) + a.Salt)
   OR a.Hash = 0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST(@pswd AS varbinary(max)) + a.Salt);
注意在 hashA 的密码字面量前添加了 N,这使其成为 Unicode 字符串,于是 hashA 与 hashB 产生相同的结果(此时二者都是 NVARCHAR 形式的散列,与上面输出中的 orig 不同;验证时使用的类型必须与存储散列时一致)。
或者,将 @pswd 的声明改为使用 VARCHAR,这样产生的输出与 orig 相同。
考虑这个方法
-- Repro for the mismatch: the same password text is hashed from a VARCHAR
-- literal (hashA) and from an NVARCHAR variable (hashB).
-- Value compared with a.Hash: 0x0200 + a.Salt + SHA2_512(password bytes + a.Salt).
-- NOTE(review): the password is written as a literal in the statement text, which
-- SQL Server can keep with the cached query text; a real check should take it as a
-- parameter.
DECLARE @pswd nvarchar(max);
SET @pswd = '2YKRCqHv';  -- VARCHAR literal, converted to NVARCHAR on assignment

SELECT
    a.Hash AS orig,
    -- VARCHAR input: the cast yields code-page bytes (one per character for this ASCII text)
    0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST('2YKRCqHv' AS varbinary(max)) + a.Salt) AS hashA,
    -- NVARCHAR input: the cast yields UTF-16 bytes (two per character here), so the digest differs
    0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST(@pswd AS varbinary(max)) + a.Salt) AS hashB
FROM DB AS a
WHERE a.Hash = 0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST('2YKRCqHv' AS varbinary(max)) + a.Salt)
   OR a.Hash = 0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST(@pswd AS varbinary(max)) + a.Salt);
输出:
orig 0x0200BB316075603286E929221B9C04411AEC602A98B295CC05FCFFA809C2B553A100F4EBD4AA6FB3458E0B7C7E6D6B36FEA4908DF0AECA5142A26FA06B30F125253E15D585EE
hashA 0x0200BB316075603286E929221B9C04411AEC602A98B295CC05FCFFA809C2B553A100F4EBD4AA6FB3458E0B7C7E6D6B36FEA4908DF0AECA5142A26FA06B30F125253E15D585EE
hashB 0x0200BB316075C91147A2AEC396358C3F950C7E930B8DF0F9AC05628E00A74663502EE7BFCE68AA7BA3EC8303AE65107C72CAEF95111DD85CE45F210291B2800141CA37863A09
为什么 A 和 B 不同?以及如何创建验证密码程序?
这是因为在 hashA 中,您是把 VARCHAR 通过 CAST 转换为 VARBINARY,而在 hashB 中,您是把 NVARCHAR 通过 CAST 转换为 VARBINARY。
前者是非 Unicode 字符串,两者转换出的字节不同,因此散列值也不同。
尝试:
-- Answer's variant: the literal is now N'...', so both expressions hash the same
-- UTF-16 bytes and hashA equals hashB.
-- NOTE(review): in the sample output above, orig equals the VARCHAR-based value, so a
-- row stored that way matches neither predicate below; verification must cast the
-- password to the same type that was used when the hash was stored.
-- NOTE(review): a VARCHAR cast depends on the code page and cannot represent every
-- character, so NVARCHAR on both the store and verify side is the safer pairing.
-- NOTE(review): one salted SHA2_512 pass is cheap to compute; for application
-- passwords a slow KDF (PBKDF2, bcrypt, scrypt, Argon2) is the usual choice.
-- NOTE(review): no predicate limits the check to one account (no such column is
-- shown here), so the password is tested against every row of DB.
DECLARE @pswd nvarchar(max);
SET @pswd = '2YKRCqHv';  -- VARCHAR literal, converted to NVARCHAR on assignment

SELECT
    a.Hash AS orig,
    0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST(N'2YKRCqHv' AS varbinary(max)) + a.Salt) AS hashA,
    0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST(@pswd AS varbinary(max)) + a.Salt) AS hashB
FROM DB AS a
WHERE a.Hash = 0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST(N'2YKRCqHv' AS varbinary(max)) + a.Salt)
   OR a.Hash = 0x0200 + a.Salt + HASHBYTES('SHA2_512', CAST(@pswd AS varbinary(max)) + a.Salt);
注意在 hashA 的密码字面量前添加了 N,这使其成为 Unicode 字符串,于是 hashA 与 hashB 产生相同的结果。
或者,更改 @pswd
声明以使用 VARCHAR
,它产生与 orig
.