Why do my "random" MachineKey validation key and decryption key both begin with the same bytes?

Question

I have an MVC app using .NET 4.5.2. In this app, I set the MachineKey as follows:

    <machineKey compatibilityMode="Framework45" validationKey="25E5749C117E4072E721DA0B8A88B052AAA821CA1D1638C10F0DBF528C19D296134A996B5FA934E1032C9BA9FBDC45EF8806153D683EF4F6C833E7BF6639C513" decryptionKey="DC7ACBAD80BC8EDBD1429F102CEC1C210604DA6C3E6421A4" validation="SHA1" decryption="AES" />

I then run my GetMachineKey code (which has a dependency on ReflectionMagic to keep the reflection code simple when accessing Internal properties):

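    // Requires: using System; using System.Linq; using System.Reflection;
    //           using System.Web.Configuration; using ReflectionMagic;
    public static Tuple<string, string> GetKeys()
    {
        // GetApplicationConfig is a non-public static method, so it is invoked via reflection.
        var mksType = typeof(MachineKeySection);
        var getAppConfigMethod = mksType.GetMethod("GetApplicationConfig", BindingFlags.NonPublic | BindingFlags.Static);
        var boxedMachineKeySection = getAppConfigMethod.Invoke(null, null);
        var machineKeySection = boxedMachineKeySection as MachineKeySection;

        // ReflectionMagic's AsDynamic() exposes the internal key properties.
        var dynKeySection = machineKeySection.AsDynamic();

        // Hex-encode the raw key bytes so they can be compared with the config values.
        var encryptionKeyBytes = (byte[])dynKeySection.DecryptionKeyInternal;
        var encryptionKeyString = string.Concat(encryptionKeyBytes.Select(b => b.ToString("X2")));
        var validationKeyBytes = (byte[])dynKeySection.ValidationKeyInternal;
        var validationKeyString = string.Concat(validationKeyBytes.Select(b => b.ToString("X2")));

        // Item1 is the decryption key, Item2 is the validation key.
        return new Tuple<string, string>(encryptionKeyString, validationKeyString);
    }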

Upon running that code, I successfully retrieve both my ValidationKey and my DecryptionKey. Great! Perfect! Exactly what I want in that scenario!

Next, I set my MachineKey as such:

    <machineKey compatibilityMode="Framework45" validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1" decryption="AES" />

Now when I run my code, I again retrieve my keys, and I notice that every time I have a new key generated, the first four octets are identical in both the Validation Key and the Decryption Key. I have deployed this application on 12 different servers now and the pattern is the same (not the same bytes on all servers, but the first four octets always match on both keys for the same server). For example, in one instance, my keys both begin like this:

Validation Key: B298BA4E463CB2934329...

Decryption Key: B298BA4E0505BF0A9424...

Why do the random keys both begin with the same bytes? Or am I reading these keys correctly?

P.S. I know these keys are meant to be hard to get to and are very important for security reasons and I shouldn't usually be doing this. I am attempting to create a tech training demo/presentation talking about load-balancing and showing why managing your MachineKeys correctly is important. I would never do something like this with production code but it's nice to see these things when going through load-balancers to see the variables of the equation being changed for presentation purposes. So please do not lecture me about how I shouldn't do this. Yes, I know.

P.P.S. If you come across this post, you probably shouldn't use my code. It's a bad idea!

Recommended answer

From:

Thus, it looks like IsolateApps is a safeguard to prevent identical keys being used by different apps that are sourcing the same machinekey config file.

In practice, the first four bytes are related to the hashcode of your appName (since you are specifying IsolateApps) while the rest are coming from RandomNumberGenerator.GetBytes. See here and here in the code.

As suggested by the code, if you had ",IsolateByAppId", the next 4 bytes would be the same.

If you remove these "Isolate" flags, you'll probably get all random bytes.
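A small model of the key layout the answer describes, as an added example (not the framework's code and not part of the original post): random bytes whose first four are overwritten with a hash of the app name, plus a check that measures the shared prefix of two hex keys. The hash function, the byte order and the app name `/MyDemoApp` are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class IsolateAppsLayoutDemo
{
    // Stand-in for the framework's app-name hash code (assumption: SHA-256 is
    // used here only to get a stable 32-bit value; it is not what ASP.NET uses).
    static int StandInHash(string appName)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToInt32(sha.ComputeHash(Encoding.UTF8.GetBytes(appName)), 0);
    }

    // Random bytes with the first four replaced by the app-name hash.
    // Byte order is an assumption; the answer only says the bytes are hash-derived.
    static byte[] ModelAutoGenKey(int length, string appName)
    {
        var key = new byte[length];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(key);
        int h = StandInHash(appName);
        for (int i = 0; i < 4; i++)
            key[i] = (byte)((h >> (8 * i)) & 0xFF);
        return key;
    }

    // Number of leading bytes that two hex-encoded keys have in common.
    static int SharedPrefixBytes(string hexA, string hexB)
    {
        int n = Math.Min(hexA.Length, hexB.Length) / 2;
        for (int i = 0; i < n; i++)
            if (string.Compare(hexA, 2 * i, hexB, 2 * i, 2, StringComparison.OrdinalIgnoreCase) != 0)
                return i;
        return n;
    }

    static void Main()
    {
        // Key prefixes quoted in the question.
        Console.WriteLine(SharedPrefixBytes("B298BA4E463CB2934329", "B298BA4E0505BF0A9424"));
        const string appName = "/MyDemoApp"; // constructed sample value
        // 64 and 24 bytes: the lengths of the explicit keys in the question's config.
        string v = BitConverter.ToString(ModelAutoGenKey(64, appName)).Replace("-", "");
        string d = BitConverter.ToString(ModelAutoGenKey(24, appName)).Replace("-", "");
        Console.WriteLine(v.Substring(0, 20) + " / " + d.Substring(0, 20));
        Console.WriteLine(SharedPrefixBytes(v, d)); // includes the 4 hash-derived bytes
    }
}
```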
