从文本文件中获取密码后如何散列密码？ [解决了] [英] How to hash the password once I had gotten the password from the textfile? [solved]

问题描述

这是我第一次使用c＃，我目前即将完成我的项目，但我对这两个问题非常感兴趣。请允许我简要介绍一下我的项目是如何形成的，以便您有更清晰的画面。



在我的项目中，我需要先创建myproject1.exe使用带有硬编码密码的visual studio来更改本地管理员帐户。硬编码的密码将从文本文件中读取。创建myproject1.exe后，我需要使用myproject1.exe生成myproject2.exe。我的project2.exe将包含我从文本文件中获取的密码。



此项目的目标是用户可以更改本地管理员所有笔记本电脑上的密码只需将第二个exe复制到所有笔记本电脑上。



这是我使用myproject1.exe生成myproject2.exe的方法：



System.IO。 File.Copy（Application.StartupPath +\\myproject1.EXE，Application.StartupPath +\\myproject2.exe）;





我知道在生成myproject2.exe之前需要做一些事情，例如在应用程序中存储密码并散列我从文本文件中获取的密码，但我不知道如何做到这一点。任何人都可以帮我解决这两个问题：



如果我从文本文件中获取密码后，如何在应用程序中保存密码并散列密码？



如果您需要我的其他编码来帮助我，请告诉我。任何帮助将不胜感激。

This is my first time using c# and I am currently about to finish my project but is quite stuck about these two issue that I have. Allow me to give you a brief description on how my project will be like so that you will have a clearer picture.

In my project, I will need to first create myproject1.exe using visual studio with hardcoded password to change local administrator account. The hardcoded password will be read from a textfile. Once I have create myproject1.exe, I will then need to use myproject1.exe to generate myproject2.exe. My project2.exe will contains the password that I had obtain from the textfile.

The objectives of this project is such that the user will be able to change the local administrator password on all the laptop by just copy the second exe to all those laptop.

This is how I use myproject1.exe to generate myproject2.exe:

System.IO.File.Copy(Application.StartupPath + "\\myproject1.EXE", Application.StartupPath + "\\myproject2.exe");


I know that something needs to be done before I generate myproject2.exe such as storing of password inside the application and hash the password that I had gotten from the textfile but I have no idea how to do this. Can anyone help me with these two issue that I have:

How to save the password inside the application and hash the password once I had gotten the password from the textfile?

Let me know if you need another other coding from me to assist me. Any help would be greatly appreciated.

推荐答案

Eilson Tang问：

Eilson Tang asked:

...现在，你在谈论哈希，你能详细说明一下吗？例如，我如何在这个学校项目中使用哈希？

…Just now, you were talking about hash, can you elaborate more about it? For eg., how do I use hash in this school project that I have?

我会尝试。



首先，请理解加密哈希函数： https://en.wikipedia.org/wiki/Cryptographic_hash_function [< a href =https://en.wikipedia.org/wiki/Cryptographic_hash_functiontarget =_ blanktitle =New Window> ^ ]。



使用C＃，最好使用SHA-2系列中的一种算法，因为发现SHA-1和MD5（所有这些都在.NET FCL中可用）都有一些缺陷：http://en.wikipedia.org/wiki/SHA-2 [ ^ ]。



与.NET FCL一起使用是微不足道的： https://msdn.microsoft .COM / EN-U s / library / system.security.cryptography.hashalgorithm％28v = vs.110％29.aspx [ ^ ]。



现在，这是一个想法：密码只应由创建密码的人知道。它不应该在任何地方创建。创建帐户时，应用程序或其客户端部分会请求新密码并立即计算其哈希值，该哈希值与其他帐户数据一起存储。应尽快忘记原始密码。从哈希，它是不可能找到原始密码（加密不可行）。在身份验证期间会发生同样的事将根据用户提供的密码立即计算的散列函数的值与存储的密码散列进行比较。当客户端部分和服务器部分由网络分开时，重要的是要理解原始密码永远不会通过网络发送，只能通过其哈希发送。窃听哈希是一个不太严重的问题，可以单独解决;其中一个安全措施是在我刚才描述的架构之上使用HTTPS。



现在，对于Windows应用程序，为了更好的原始密码输入过程的安全性，有一些特殊控件，如 PasswordBox ，它们使用特殊数据类型：

https://msdn.microsoft.com/en-us/library/system.windows.controls.passwordbox%28v= vs.110％29.aspx [ ^ ]，

http://www.tutorialspoint.com/wpf/wpf_passwordbox.htm [ ^ ]。

-SA

I'll try.

First of all, please understand what cryptographic hash function does: https://en.wikipedia.org/wiki/Cryptographic_hash_function[^].

With C#, it's probably the best to use one of the algorithms from the SHA-2 family, because SHA-1 and MD5 (all of them available in .NET FCL) are found to have some flaws: http://en.wikipedia.org/wiki/SHA-2[^].

Using it with .NET FCL is trivial: https://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm%28v=vs.110%29.aspx[^].

Now, here is the idea: the password should be known only to the person who created it. It should not be created anywhere. When an account is created, the application, or its client part, requests the new password and immediately calculates its hash, which is stored with other account data. The original password should be forgotten as soon as possible. From hash, it's impossible figure out the original password (cryptographically infeasible). The same thing happens during authentication. The value of hash function immediately calculated from the password supplied by the user is compared with the stored password hash. When client part and server part are separated by a network, it's important to understand that the original password is never sent via the network, only its hash. Eavesdropping of the hash is much less severe problem, which is solved separately; one of the security measures is the use of HTTPS on top of the schema I just described.

Now, for Windows applications, for better security of original password entering process, there are special controls like PasswordBox, they use special data type:
https://msdn.microsoft.com/en-us/library/system.windows.controls.passwordbox%28v=vs.110%29.aspx[^],
http://www.tutorialspoint.com/wpf/wpf_passwordbox.htm[^].

—SA

这篇关于从文本文件中获取密码后如何散列密码？ [解决了]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！