密码加密/解密 [英] password encrypt/decrypt

问题描述

我有一个用户的SQL Server表，我想使密码进行加密，并使用asp.net保存在这个表中。我也希望用户可以得到忘记密码和编辑个人资料页，所以我需要解密以及密码。哪种算法或加密技术，我需要使用？

I have a users sql server table and I want to make password encrypted and saved in this table using asp.net. I also want that user can get the password on forgot password and edit profile page so I need to decrypt it as well. Which algorithm or encryption techniques do I need to use ?

请提示

推荐答案

不加密密码进入数据库 - 它哈希（使用盐）

Don't encrypt a password into the database - hash it (using a salt).

如果能够找回密码，是不是你真正需要的东西。你需要让人们重新登录。如果能够解密密码意味着你很可能是让人们知道你的用户的密码。

Being able to retrieve a password is not something you really need. You need to enable people to log back in. Being able to decrypt a password means you may well be allowing people to know the passwords of your users.

我建议您阅读关于建立一个安全的，你想知道的一切特洛伊亨特的密码重置功能。这是实现安全的密码策略的问题和解决方案进行全面的分析。

I suggest reading Everything you ever wanted to know about building a secure password reset feature by Troy Hunt. It is a full analysis of the problems and solutions for implementing a secure password strategy.

这篇关于密码加密/解密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！