PantoSchool .net 加密算法
遇到的网站是用的PantoSchool .net,在数据库中发现大量非明文密码R2AKd+aZ0K4=,百度发现是123,打算分析下算法,下面是分析后给出算法
using System;
using System.IO;
using System.Security.Cryptography;
namespace DES
{
public class DECEncrypt
{
private byte[] arrDESIV;
private byte[] arrDESKey;
public DECEncrypt()
{
this.arrDESKey = new byte[] { 0x2a, 0x10, 0x5d, 0x9c, 0x4e, 4, 0xda, 0x20 };
this.arrDESIV = new byte[] { 0x37, 0x67, 0xf6, 0x4f, 0x24, 0x63, 0xa7, 3 };
}
public string Decrypt(string m_Need_Encode_String)
{
DESCryptoServiceProvider provider = new DESCryptoServiceProvider();
MemoryStream stream2 = new MemoryStream(Convert.FromBase64String(m_Need_Encode_String));
CryptoStream stream = new CryptoStream(stream2, provider.CreateDecryptor(this.arrDESKey, this.arrDESIV), CryptoStreamMode.Read);
StreamReader reader = new StreamReader(stream);
return reader.ReadToEnd();
}
public string Encrypt(string m_Need_Encode_String)
{
DESCryptoServiceProvider provider = new DESCryptoServiceProvider();
MemoryStream stream2 = new MemoryStream();
CryptoStream stream = new CryptoStream(stream2, provider.CreateEncryptor(this.arrDESKey, this.arrDESIV), CryptoStreamMode.Write);
StreamWriter writer = new StreamWriter(stream);
writer.Write(m_Need_Encode_String);
writer.Flush();
stream.FlushFinalBlock();
stream2.Flush();
return Convert.ToBase64String(stream2.GetBuffer(), 0, (int)stream2.Length);
}
}
class Program
{
static void Main(string[] args)
{
Console.WriteLine(new DECEncrypt().Encrypt("123"));
Console.ReadLine();
}
}
}
C#的代码,在vs2015调试通过,加密和解密方法,以及用到的key和iv都给了
另外批评下这套系统,存在大量漏洞就算了,密码还是用的可逆算法,这和直接储存明文有啥区别?另外还存在超简单的默认用户名和默认密码