0
我想執行修改密碼功能,下面顯示的是我迄今所做的代碼和截圖:更改密碼功能的加密和解密?
private void Password_Change()
{
int rowsAffected = 0;
string query = "UPDATE staff_user SET staff_password = @newpassword WHERE staff_password = @staff_password";
string constr = ConfigurationManager.ConnectionStrings["dbyouthworkConnectionString"].ConnectionString;
ConfirmPassword.Text = Encrypt(ConfirmPassword.Text.Trim());
CurrentPassword.Text = Decrypt(CurrentPassword.Text.Trim());
using (MySqlConnection con = new MySqlConnection(constr))
{
using (MySqlCommand cmd = new MySqlCommand(query))
{
con.Open();
using (MySqlDataAdapter sda = new MySqlDataAdapter())
{
cmd.Parameters.AddWithValue("@staff_password",CurrentPassword.Text);
cmd.Parameters.AddWithValue("@newpassword", (ConfirmPassword.Text));
cmd.Connection = con;
rowsAffected = cmd.ExecuteNonQuery();
con.Close();
}
if (rowsAffected > 0)
{
Label1.ForeColor = System.Drawing.Color.Green;
Label1.Text = "Password has been changed successfully.";
}
else
{
Label1.ForeColor = System.Drawing.Color.Red;
Label1.Text = "Password does not match with our database records.";
}
if (CurrentPassword.Text == New_Password.Text)
{
Label1.ForeColor = System.Drawing.Color.Red;
Label1.Text = "Old Password and New Password cannot be the same !";
}
if (CurrentPassword.Text == ConfirmPassword.Text)
{
Label1.ForeColor = System.Drawing.Color.Red;
Label1.Text = "Old Password and New Password cannot be the same !";
}
}
}
}
private string Encrypt(string clearText)
{
string EncryptionKey = "MAKV2SPBNI99212";
byte[] clearBytes = Encoding.Unicode.GetBytes(clearText);
using (Aes encryptor = Aes.Create())
{
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
encryptor.Key = pdb.GetBytes(32);
encryptor.IV = pdb.GetBytes(16);
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
{
cs.Write(clearBytes, 0, clearBytes.Length);
cs.Close();
}
clearText = Convert.ToBase64String(ms.ToArray());
}
}
return clearText;
}
private string Decrypt(string cipherText)
{
string EncryptionKey = "MAKV2SPBNI99212";
byte[] cipherBytes = Convert.FromBase64String(cipherText);
using (Aes encryptor = Aes.Create())
{
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
encryptor.Key = pdb.GetBytes(32);
encryptor.IV = pdb.GetBytes(16);
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(cipherBytes, 0, cipherBytes.Length);
cs.Close();
}
cipherText = Encoding.Unicode.GetString(ms.ToArray());
}
}
return cipherText;
}[![enter image description here][1]][1]
然而,當我運行該項目 這是錯誤我得到: 
我似乎無法看到我去哪裏,因爲我用戶登錄時使用了相同的解密功能,而用戶創建帳戶時使用了加密功能。
由於密碼永遠不會被存儲(加密或純文本),您的代碼看起來很奇怪。請驗證實際代碼散列密碼並且不加密它們,並且帖子中的代碼僅僅是一些加密/解密的隨機字段的樣本。 –
@AlexeiLevenkov是什麼讓你覺得「密碼永遠不會被存儲(加密或純文本)」,肯定他們不應該是,但實際上他們都是經常。 – zaph
你不應該加密你的用戶密碼。你需要使用哈希,而不是一些強大的PBKDF2,bcrypt,scrypt和Argon2。由於散列函數是單向函數,因此您將無法「解密」散列。爲了驗證您的用戶,您可以再次通過散列函數運行密碼,以便與存儲在數據庫中的散列進行比較。查看更多:[如何安全地哈希密碼?](http://security.stackexchange.com/q/211/45523) –