怎么样？加密和解密ASP.NET用户成员的密码 [英] How? Encrypt and Decrypt user membership passwords in ASP.NET

问题描述

我们正在使用ASP.NET成员资格提供用户注册和登录，创建一个新的网站。我们的老系统进行了加密用户密码，这样，如果我们需要，我们可以恢复它们。

We are creating a new site using ASP.NET membership provider for user registration and log in. Our old system encrypted user passwords so that we could recover them if we needed to.

我有麻烦了很大搞清楚是否可以使用ASP.NET隶属函数简单地加密密码，当用户寄存器，然后解密，所以我可以看到它。

I am having a great deal of trouble figuring out if it is possible to use ASP.NET membership functions to simply encrypt the password when the user registers and then unencrypt it so I can see it.

此文档嘶是不存在的。

Web.config中有它密码保存为加密的ALA
了passwordFormat =加密的供应商，并在machineKey中分配的validationKey，但它似乎像密码仍然得到散列（虽然也许它只是以及加密）。无论哪种方式（美国），我不能decifer密码怎么可以恢复，如果neccessary。

I know how to configure Web.config to have it store passwords as encrypted ala passwordFormat="Encrypted" in the provider and assigning a validationKey in the machineKey, however it seems like the password still gets hashed (though perhaps it is just well encrypted). Either way I cannot decifer how the password can be recovered (by us) if neccessary.

谢谢！

推荐答案

在可恢复格式存储密码是一个非常贫穷的想法。如果你能恢复他们，所以任何人都可以谁闯入你的服务器。

Storing passwords in recoverable format is a very poor idea. If you can recover them so can anyone who breaks into your server.

您最好使用一个标准的哈希+盐的做法并具有密码重置机制来处理用户忘记密码的情况。

You're better off using a standard hash+salt approach and having a password reset mechanism to handle the case where users forget their password.

这篇关于怎么样？加密和解密ASP.NET用户成员的密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！