保护数据库中的密码 [英] protect passwords in database
问题描述
我有应用程序,每个用户都使用用户名和密码..
所有都在用户硬盘上的Microsoft访问基础上..
如何保护该数据库免于预先设置用户查看...或者我如何设置密码?
可能通过cripting它们?
怎么样?任何链接或解释都会很棒..
我正在使用.NET C#,Framework 1.1
BR
i have application whiwh uses username and password for each user ..
All is in Microsoft access base on user''s hard drive..
How can I protect that database from preveting user viewing it...or how can I prtect passwords?
maybe by cripting them?
how? any link or explanation would be great..
I''m using .NET C#, Framework 1.1
BR
推荐答案
Alfa,
你不应该加密密码期限。有了足够的时间和处理能力,有人会破坏它(虽然有些算法比其他算法更有可能是b
。)
你需要做的是使用哈希。获取密码的哈希值然后
在人们登录时重新创建它。如果哈希值匹配,那么你可以允许他们登录。这是哈希工作的原因是你无法从哈希中重新创建
密码,这是一种单向转换。
希望这会有所帮助。
-
- Nicholas Paldino [.NET / C#MVP]
- mv*@spam.guard.caspershouse.com
" Alfa&欧米茄" < al ***** @ gmail.com写信息
新闻:ea ********** @ ss408.t-com.hr ...
Alfa,
You shouldn''t encrypt passwords period. With enough time and processing
power, someone will break it (although some algoritms are more likely to be
broken than others).
What you need to do is use a hash. Take a hash of the password and then
recreate it when people log in. If the hashes match, then you can allow
them to log in. The reason a hash works is that you can not recreate the
password from the hash, it is a one-way transformation.
Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Alfa & Omega" <al*****@gmail.comwrote in message
news:ea**********@ss408.t-com.hr...
>我有应用程序whiwh为每个用户使用用户名和密码..
所有在用户'的Microsoft访问基础上硬盘驱动器..
我如何保护该数据库不会让用户查看它...或者我可以如何获得密码?
也许是通过抓住它们?
怎么样?任何链接或解释都会很棒..
我正在使用.NET C#,Framework 1.1
BR
>i have application whiwh uses username and password for each user ..
All is in Microsoft access base on user''s hard drive..
How can I protect that database from preveting user viewing it...or how
can I prtect passwords?
maybe by cripting them?
how? any link or explanation would be great..
I''m using .NET C#, Framework 1.1
BR
Alfa& Omega写道:
Alfa & Omega wrote:
i有应用程序whiwh为每个用户使用用户名和密码..
所有在Microsoft访问基础上用户的硬盘..
如何保护该数据库免于用户查看它...或者我如何识别密码?
也许通过cripting他们?
怎么样?任何链接或解释都会很棒..
i have application whiwh uses username and password for each user ..
All is in Microsoft access base on user''s hard drive..
How can I protect that database from preveting user viewing it...or how can I prtect passwords?
maybe by cripting them?
how? any link or explanation would be great..
不加密,但是对它们进行哈希处理:获取清除密码,将其交给
哈希算法(例如SHA-1)并将结果哈希存储在
数据库中。当你想检查一个用户提供的密码时,使用相同的算法将它散列为
并比较2个散列值(你刚刚计算的
和一个存储的值)数据库)。
Arnaud
MVP - VC
Not crypting, but hashing them : Take the clear password, give it to an
hash algorithm (SHA-1 for example) and store the resulting hash in the
database. When you want to check a user-supplied password, hash it
using the same algorithm and compare the 2 hashed values (the one you
just computed and the one stored int he database).
Arnaud
MVP - VC
< ad ****** @club-internet.frwrote留言
news:11 ********************** @ 75g2000cwc。 googlegro ups.com ...
|
|没有加密,而是对它们进行哈希处理:取出明确密码,将其交给
|哈希算法(例如SHA-1)并将结果哈希存储在
|中数据库。如果要检查用户提供的密码,请将其哈希值
|使用相同的算法并比较2个散列值(你计算的是
|刚刚计算出来的那个和数据库中存储的那个)。
|
感谢您的建议,adebaene和Nicholas ....
这就是我所需要的......但我刚发现: http://www.codeproject.com/cpp/rehash.asp
http://www.codeproject.com/dotnet/HackingMd5.asp
md5破裂还是假的?
BR
Igor
<ad******@club-internet.frwrote in message
news:11**********************@75g2000cwc.googlegro ups.com...
|
| Not crypting, but hashing them : Take the clear password, give it to an
| hash algorithm (SHA-1 for example) and store the resulting hash in the
| database. When you want to check a user-supplied password, hash it
| using the same algorithm and compare the 2 hashed values (the one you
| just computed and the one stored int he database).
|
Thanks for advices, adebaene and Nicholas....
That''s all I need..but I just found this: http://www.codeproject.com/cpp/rehash.asp
http://www.codeproject.com/dotnet/HackingMd5.asp
md5 cracked or it''s fake??
BR
Igor
这篇关于保护数据库中的密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
