C# - 存储用户密码进行比较 [英] C# - Storing user password for comparison
问题描述
我将用户登录加密的密码存储在数据库 (SQL Server) 中.由于 API 限制,密码需要在 C# 端加密,所以我不能使用数据库的内置加密.加密这些密码的最快/最简单的方法是什么,以便我可以将它们与用户稍后输入到第三方服务的内容进行比较?
I am storing user logon encrypted passwords in a database (SQL Server). Because of an API restriction, the passwords need to be encrypted on the C# end of things, so I can't use the database's built-in encryption. what is the fastest/easiest way to encrypt these passwords so I can compare them to what the user would have typed in to a third-party service later?
我是 C# 的新手,我知道密码永远不应该是纯文本,所以我想确保我拥有最高的安全性.我曾尝试使用 RSA.EncryptValue()
函数,但我对如何正确使用它感到很迷茫.
I am new to C# and I understand that passwords should never be in plain text so that's why I want to make sure I have the highest security. I have tried using the RSA.EncryptValue()
function but I'm pretty lost as to how to use it correctly.
感谢任何帮助 - 提前致谢.
Any help is appreciated - thanks in advance.
-吉米
推荐答案
您不想加密和存储密码.您想生成一个哈希并存储它.然后,当用户登录时,您重新生成哈希并将其与存储在数据库中的哈希进行比较.
You don't want to encrypt and store passwords. You want to generate a hash and store that. Then, when a user is logging in, you regenerate the hash and compare it to the one stored in the database.
这个问题的答案 提供了如何在c#(一个答案包括有关执行加盐"哈希的信息).
The answers to this question provide examples of how one might hash a password in c# (one answer includes information on doing a "salted" hash).
这篇关于C# - 存储用户密码进行比较的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!