其中在.NET中包括哈希算法对密码哈希足够安全？ [英] Which of the .NET included hashing algorithms are secure enough for password hashing?

问题描述

本的 LinkedIn的密码泄露证明了它是多么的重要安全散列密码。然而，即使散列与盐口令不与正常的散列算法（例如MD5和SHA家族）固定，因为它们是为速度，这使得黑客计算每秒（蛮力）23亿哈希。优化

The password leak of LinkedIn proved how important it is to securely hash your passwords. However, even hashing passwords with a salt is not secure with the 'normal' hashing algorithms (such as MD5 and the SHA family), since they are optimized for speed, which allows hackers compute 2300 million hashes per second (brute force).

有散列algoritms是使用更安全，因为他们更计算密集型，如 PBKDF2 ， Bcrypt ，的 PBMAC 和 scrypt 。这些散列算法然而，似乎没有包括在.NET框架。

There are hashing algoritms that are safer to use because they are much more computational intensive, such as PBKDF2, Bcrypt, PBMAC, and scrypt. These hashing algorithms however, don't seem to be included in the .NET framework.

那么，它的性能密集型的哈希算法包含在.NET框架？

So, which performance intensive hashing algorithms are included in the .NET framework?

答案 PBKDF2包含在框架和这现场展示如何正确使用它的。

ANSWER PBKDF2 is included in the framework and this site shows how to use it properly.

推荐答案

我觉得这不是一个真正的有意义的类名，但我认为它是包含在.NET框架。据多方消息人士透露，<一href="http://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes.aspx">Rfc2898DeriveBytes实际上是一个PBKDF2执行。 MSDN是这么说的也是如此。

I think it's not really a meaningful Class name, but I do think it is included in the .NET framework. According to multiple sources, Rfc2898DeriveBytes is actually a PBKDF2 implementation. MSDN says so as well.

请参阅 <一href="http://stackoverflow.com/questions/2659214/why-do-i-need-to-use-the-rfc2898derivebytes-class-in-net-instead-of-directly">Why我是否需要使用直接使用密码作为密钥或IV的Rfc2898DeriveBytes类（在.NET）呢？ 和 <一href="http://stackoverflow.com/questions/1046599/pbkdf2-implementation-in-c-sharp-with-rfc2898derivebytes">PBKDF2在C＃与Rfc2898DeriveBytes 实施

例如。

这篇关于其中在.NET中包括哈希算法对密码哈希足够安全？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！