ilanyu 发布的文章

PantoSchool .net 加密算法

遇到的网站使用的是 PantoSchool .net。在数据库中发现大量非明文密码,例如 R2AKd+aZ0K4=,百度后发现对应的明文是 123,于是打算分析一下算法。下面是分析后还原出的算法:

using System;
using System.IO;
using System.Security.Cryptography;

namespace DES
{
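    /// <summary>
    /// Reconstruction of the reversible password encoding described in the surrounding article:
    /// DES with a fixed key and a fixed IV, with the ciphertext stored as Base64.
    /// </summary>
    /// <remarks>
    /// Security review notes:
    /// - The key and IV are constants compiled into the class, so anyone who holds this code and a
    ///   copy of the password column can recover every stored password.
    /// - Because the IV never changes, equal plaintexts always produce equal ciphertexts, so
    ///   identical passwords are visible as identical database values.
    /// - DES has a 56-bit effective key and is obsolete. Cipher mode and padding are left at the
    ///   framework defaults (CBC and PKCS7 for <see cref="DESCryptoServiceProvider"/>).
    /// - Passwords should be stored with a salted, slow one-way hash (for example PBKDF2), not with
    ///   reversible encryption. Keep this class only for auditing or migrating legacy values.
    /// </remarks>
    public class DECEncrypt
    {
        // Fixed 8-byte IV shared by every call; set once in the constructor.
        private byte[] arrDESIV;
        // Fixed 8-byte DES key shared by every call; set once in the constructor.
        private byte[] arrDESKey;

        /// <summary>
        /// Loads the hard-coded key and IV used by both <see cref="Encrypt"/> and <see cref="Decrypt"/>.
        /// </summary>
        public DECEncrypt()
        {
            this.arrDESKey = new byte[] { 0x2a, 0x10, 0x5d, 0x9c, 0x4e, 4, 0xda, 0x20 };
            this.arrDESIV = new byte[] { 0x37, 0x67, 0xf6, 0x4f, 0x24, 0x63, 0xa7, 3 };
        }

        /// <summary>
        /// Decodes a Base64 string, decrypts it with the fixed key and IV, and returns the text.
        /// </summary>
        /// <param name="m_Need_Encode_String">Base64-encoded ciphertext as stored in the database.</param>
        /// <returns>The recovered plaintext, read with <see cref="StreamReader"/>'s default encoding.</returns>
        /// <exception cref="ArgumentNullException">The input is null.</exception>
        /// <exception cref="FormatException">The input is not valid Base64.</exception>
        /// <exception cref="CryptographicException">The ciphertext length or padding is invalid.</exception>
        public string Decrypt(string m_Need_Encode_String)
        {
            byte[] cipherBytes = Convert.FromBase64String(m_Need_Encode_String);

            // Every object below is IDisposable; the original never released them.
            using (var provider = new DESCryptoServiceProvider())
            using (var decryptor = provider.CreateDecryptor(this.arrDESKey, this.arrDESIV))
            using (var input = new MemoryStream(cipherBytes))
            using (var crypto = new CryptoStream(input, decryptor, CryptoStreamMode.Read))
            using (var reader = new StreamReader(crypto))
            {
                return reader.ReadToEnd();
            }
        }

        /// <summary>
        /// Encrypts text with the fixed key and IV and returns the ciphertext as Base64.
        /// </summary>
        /// <param name="m_Need_Encode_String">Plaintext to encode; written with <see cref="StreamWriter"/>'s default encoding.</param>
        /// <returns>Base64 ciphertext. The same input always yields the same output.</returns>
        public string Encrypt(string m_Need_Encode_String)
        {
            using (var provider = new DESCryptoServiceProvider())
            using (var encryptor = provider.CreateEncryptor(this.arrDESKey, this.arrDESIV))
            using (var output = new MemoryStream())
            {
                using (var crypto = new CryptoStream(output, encryptor, CryptoStreamMode.Write))
                using (var writer = new StreamWriter(crypto))
                {
                    writer.Write(m_Need_Encode_String);
                }

                // Disposing the writer flushes it and makes the CryptoStream emit the final padded
                // block. MemoryStream.ToArray() is still valid after the stream has been closed.
                return Convert.ToBase64String(output.ToArray());
            }
        }
    }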

    /// <summary>
    /// Console harness that checks the reconstructed scheme against a known sample.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Prints the Base64 ciphertext produced for the plaintext "123", then waits for Enter.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            DECEncrypt cipher = new DECEncrypt();
            string encoded = cipher.Encrypt("123");

            // The article reports that the stored value R2AKd+aZ0K4= corresponds to "123";
            // compare the printed line with that value to confirm the reconstruction.
            Console.WriteLine(encoded);

            // Block so the console window stays open until the user presses Enter.
            Console.ReadLine();
        }
    }
}

以上是 C# 代码,已在 VS2015 中调试通过;加密和解密方法以及用到的 key 和 iv 都已给出。
另外批评下这套系统:存在大量漏洞就算了,密码还是用的可逆算法,这和直接储存明文有啥区别?key 和 iv 都硬编码在程序里,拿到数据库的人就能还原出所有用户的密码;密码应当使用加盐的慢速单向哈希(如 PBKDF2、bcrypt、Argon2)来存储。另外还存在超简单的默认用户名和默认密码。