SHA512 Encryption + salted


Problem description

I am working on a C# Visual Studio Windows Forms application. However, I was stuck halfway through my development.

I am trying to ask the user for his/her password before encrypting it with a salt. How can I encrypt my password text with SHA 512 with a salt and decrypt it later on? Is there any advice on how I can do it? Is SHA 512 secure enough as compared to other encryption methods?

Solution

  1. No, SHA512 is not secure enough for password processing. SHA512 is fast, whereas password processing needs to be slow to prevent brute force searches on passwords in the event that the database is dumped by hackers. Such events happen often!
  2. You do not decrypt it later on. Instead, when you get the plaintext password from the user, you hash it with the salt that is in the database and compare the result with the encoded hash in the database. If it matches, then the user is authenticated.
  3. Information about what's wrong with SHA512/SHA256/SHA1/MD5/anything fast is provided here, including .Net code that shows how to use a more appropriate function (PBKDF2) for password processing.
  4. Crackstation.net also gives decent education on how to do password processing, but not specific to .Net. Make sure to especially read the "Making Password Cracking Harder: Slow Hash Functions" to understand why SHA512 is not appropriate.
  5. There is a lot of bad advice on password processing in a lot of places. You should check the security reputations of those people providing advice so you can distinguish the good from the rubbish.
