Retrieve salt from hash sha512


Problem description


Hi, I am using SHA512 algorithm to generate my hash and salt, how do I strip my salt value to compare passwords?
Here is an example of my hash and salt
Hash-y2Xx7GpEJlvQoZRoJdHbswWawc80x76r7boABaV903WZ9UUEMhqkw1DGioMkp0o91vixqp1OtPOGJSdyMLNbqQ==
Salt-meP9gXvqn5s=

Recommended answer


You are missing something here...
You take your password, add some salt (maybe pepper and olive oil) to it, then create its hash and store that in some database.
When you want to check if the provided password is the same as the one stored in the database, you pass it through the same process - except the store part - and compare the result to the stored value...
This is the right process, and anyway you cannot reverse this kind of hash to get the original value. For security reasons, in password storage you have to use a one-way hash (also called a cryptographic hash), like SHA...

Some code sample to get the idea...
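using System;
using System.Security.Cryptography;
using System.Text;

// These methods belong inside a class; DAL is the application's own data-access layer (not shown).
private string CreateHash ( string Password )
{
    // Wrap the password in the fixed salt strings, then hash with SHA-512.
    string szBase = string.Format ( "code{0}project", Password );
    using ( SHA512 oSHA512 = SHA512.Create ( ) )
    {
        byte[ ] bResult = oSHA512.ComputeHash ( Encoding.UTF8.GetBytes ( szBase ) );
        // Base64 keeps every digest byte; decoding raw hash bytes as UTF-8 text is lossy.
        string szHash = Convert.ToBase64String ( bResult );

        return ( szHash );
    }
}

public void StorePassword(string UserName, string Password)
{
    // Only the hash is stored, never the password itself.
    string szHash = CreateHash ( Password );

    DAL.StorePassword ( UserName, szHash );
}

public void ValidatePassword ( string UserName, string Password )
{
    // Repeat the same process on the supplied password and compare with the stored hash.
    string szStoredHash = DAL.ReadPassword ( UserName );
    string szHash = CreateHash ( Password );

    if ( szHash.Equals ( szStoredHash ) )
    {
        // Authenticated
    }
    else
    {
        // Invalid UserName or Password
    }
}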
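
Added example, not part of the original answer or of any project's code: the store-and-compare flow described above, with a random per-user salt kept next to the hash as Base64 text, as in the question's Hash/Salt pair. It swaps the single SHA-512 pass for PBKDF2-HMAC-SHA512 and a constant-time comparison; the class name, salt length and iteration count are assumptions, and the static helpers used need .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;

public static class SaltedPasswordDemo
{
    private const int SaltBytes = 16;        // assumed salt length
    private const int HashBytes = 64;        // 512 bits, same size as a SHA-512 digest
    private const int Iterations = 210_000;  // assumed work factor; tune for your hardware

    // One derivation used for both storing and checking; only the salt source differs.
    private static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                  HashAlgorithmName.SHA512, HashBytes);

    // Registration: generate a fresh salt, return both values as Base64 for storage.
    public static (string Hash, string Salt) Create(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        return (Convert.ToBase64String(Derive(password, salt)),
                Convert.ToBase64String(salt));
    }

    // Login: the salt is read back from storage, never extracted from the hash.
    public static bool Verify(string password, string storedHash, string storedSalt)
    {
        byte[] expected = Convert.FromBase64String(storedHash);
        byte[] actual = Derive(password, Convert.FromBase64String(storedSalt));
        // Constant-time comparison avoids leaking how many leading bytes matched.
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    public static void Main()
    {
        // Constructed sample passwords, for illustration only.
        var (hash, salt) = Create("correct horse battery");
        Console.WriteLine($"Hash-{hash}");
        Console.WriteLine($"Salt-{salt}");
        Console.WriteLine(Verify("correct horse battery", hash, salt));
        Console.WriteLine(Verify("wrong guess", hash, salt));
    }
}
```

The salt is not secret and is stored in the clear beside the hash; its job is to make identical passwords produce different stored values.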


