base64Encode函数最适合编码密码字符串吗? [英] Is base64Encode function is best for encode a password string?

问题描述

大家好，

我想在winform项目的mysql数据库中保存用户名和密码.

我的一位朋友告诉我，它不安全，因此您可以加密并保存它.
我对加密一无所知，所以我用谷歌搜索并获得了base64Encode和解码功能，并在我的项目中使用了它.

它将普通字符串更改为无法找到的字符串.

普通字符串-JAGA
编码字符串-SkFHQQ ==

够生产吗?
我还能做什么?.

@

Hi all,

I want to save userid and password in mysql database for my winform project.

One of my friends has told me that it is not secure, so you encrypt and save that.
I don''t know about encryption, so I googled and got base64Encode and decode function and I use that in my project.

It changes the normal string in a unfindable string.

normal string - JAGA
Encode string - SkFHQQ==

Is it enough for production?
What else can I do?.

thanks in advance!@

推荐答案

如果对编码密码绝对没有用.对此有什么神秘之处?此代码旨在发送文本数据中的二进制数据，例如电子邮件或HTTP.每个人都可以将其解码为原始密码.这几乎与以原始格式存储不受保护的密码相同，这是绝对不能接受的.

有关加密方法，请参见名称空间System.Security.Cryptography， http://msdn.microsoft. com/en-us/library/system.security.cryptography.aspx [ ^ ].
对于介绍，请阅读以下内容: http://msdn.microsoft.com/en-us/library/92f9ye3s. aspx [ ^ ].

您可以使用两种方法来输入密码:真实"密码，例如公钥密码( http://en.wikipedia.org/wiki/Public-key_cryptography [ ^ ])或加密哈希函数( http://en.wikipedia. org/wiki/Cryptographic_hash_function [ ^ ])).

具有加密哈希功能的方法是最简单的一种.您将该函数应用于密码，并将其存储在哈希表中.无法还原哈希并获取密码.从来没有人需要它.当您的软件获得密码后，它将执行相同的哈希功能，并将结果与​​存储的哈希进行比较.从未使用原始密码，这增加了此方法的安全性.对于加密哈希函数，请使用"SHA"类之一System.Security.Cryptography:SHA512，SHA256等.

有关"SHA"类算法的说明，请参见 http://en.wikipedia.org/wiki/SHA2 [ ^ ].

警告！请勿使用MD5( http://en.wikipedia.org/wiki/MD5 [

请注意以下重要提示(谢谢，金).对每个用户使用唯一的free参数作为哈希函数还可以消除意外使用相同密码的用户学习密码的风险.这些参数可以与现金密码一起存储.即使对密码文件的访问中断了，并且有人读取了具有哈希函数参数的哈希密码，它也无助于恢复哈希函数以获取原始密码.要了解它，请阅读我在上面引用的有关加密哈希函数的Wikipedia文章.

—SA

If is absolutely useless for encoding a password. What''s cryptic about it? This code is designed to send binary data in text data, such as e-mail messages or HTTP. Everyone can decode it to original password. This is nearly the same as storing unprotected passwords in their original form, which is absolutely not acceptable.

For encryption methods, see the name space System.Security.Cryptography, http://msdn.microsoft.com/en-us/library/system.security.cryptography.aspx[^].
For introduction, read this: http://msdn.microsoft.com/en-us/library/92f9ye3s.aspx[^].

You can use two approaches for password: "real" cryptography, for example, public-key cryptography (http://en.wikipedia.org/wiki/Public-key_cryptography[^]) or cryptographic hash function (http://en.wikipedia.org/wiki/Cryptographic_hash_function[^]).

The approach with cryptographic hash function is the simplest one. You apply the function to the password and store it in the hashed form. It is impossible to revert the hash and obtain password. Nobody need its, ever. When your software gets a password, it performs the same hash function and compare the result with the stored hash. The original password is never used, which adds to security of this method. For the cryptographic hash function, use one of the "SHA" classes System.Security.Cryptography: SHA512, SHA256, etc.

For explanation of "SHA" class of algorithms, see http://en.wikipedia.org/wiki/SHA2[^].

Warning! Never use MD5 (http://en.wikipedia.org/wiki/MD5[^]) for any security purposes! This function is considered "broken", so using it is unsafe.


Pay attention for the important note below (thank you, Kim). Using unique free parameter for hash function per user also removes the risk of learning the password by the user who accidentally uses identical password. The parameters can be stored along with cashed passwords. Even if the access to the password file is broken and someone reads the hashed passwords with hash function parameters, it cannot help to revert the hash function to get an original password. To understand it, please read the Wikipedia article on cryptographic hash function I referenced above.

—SA

不，base64编码与加密无关.

在密码存储:操作方法中查看此技巧. [ ^ ]

不要加密密码，您可以使用 MD5或 SHA方法来哈希密码.这样，没有人可以重新输入密码，您将生成一个新密码.

MySql具有内置的密码功能.查看 PASSWORD() [

No, base64 encoding has nothing to do with encryption.

Check this great tip out Password Storage: How to do it.[^]

Do not encrypt the password, you Hash the password with MD5 or SHA method. This way nobody can recorver the password, you generate a new one.

MySql has a built-in password function. Check out PASSWORD()[^] function on MySql web site.

When generating hash value. Do not use the same parameter for generating hash value or else if two user has the same password, the hash value will also be the same.

DES加密比base64编码更安全. br/> 最好使用DES加密.

DES Encryption is more secure than base64 encoding.
It will be better to use DES encryption.

这篇关于base64Encode函数最适合编码密码字符串吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！