Bcrypt vs identiy加密 [英] Bcrypt vs identiy encryption

问题描述

我正在为.Net Core应用程序实现Identity访问控制的过程。



它的密码哈希与Bcrypt相比如何？用Bcrypt替换它的情况？



我尝试过：



NA，这是意见而不是帮助的请求

解决方案

BCrypt是一个散列函数！

它只是故意制作得很慢蛮力更难：哈希行动：了解bcrypt [ ^ ]

In我认为你可以按照它的方式使用Identity;它使用的是PBKDF2 + HMAC-SHA，并且很可能在使用它的代码中存在任何缺陷而不是算法本身。



你可以阅读什么标识在这里使用：

探索ASP.NET核心身份PasswordHasher [ ^ ]

I'm in the process of implementing Identity for access control on a .Net Core application.

How does its password hashing compare to Bcrypt and is there a case for replacing it with Bcrypt?

What I have tried:

NA, this is a request for opinions rather than assistance

解决方案

BCrypt is a hashing function!.
It's just deliberately slow to make it harder to brute force: Hashing in Action: Understanding bcrypt[^]

In my opinion you are fine with using Identity the way it is; it is using PBKDF2+HMAC-SHA and most likely any flaws will be in the code using it as opposed to the algorithm itself.

You can read up on what Identity uses here:
Exploring the ASP.NET Core Identity PasswordHasher[^]

这篇关于Bcrypt vs identiy加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！