如何在数据库中哈希用户密码 [英] How to hash users password in the database
本文介绍了如何在数据库中哈希用户密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
亲爱的,
我已经开始创建散列密码,我不太确定,我如何在数据库中创建和存储散列密码。当我通过网络服务发送时,我正在尝试加密我的用户名和密码。
用户级:
Dear all,
I have started on creating hashing password and I am little unsure, how do i go about creating and storing the hash password in the database. I am trying to encrypt my username and password, when i send them over a web-service.
User class:
public string CalculateHash(string text)
{
MD5 md5 = new MD5CryptoServiceProvider();
//compute hash from the bytes of text
md5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(text));
//get hash result after compute it
byte[] result = md5.Hash;
StringBuilder strBuilder = new StringBuilder();
for (int i = 0; i < result.Length; i++)
{
//change it into 2 hexadecimal digits
//for each byte
strBuilder.Append(result[i].ToString("x2"));
}
return strBuilder.ToString();
}
public api_login Validate2(string userName, string Password)
{
// Find a user that matches that username and password (this will only validate if both match)
return db.api_login.FirstOrDefault(u => u.username == userName && u.password == Password);
}
如果有人会建议任何反馈,如何在数据库中获取密码哈希,当用户登录时,我是否在基本的auth类或用户类中执行此操作。
非常感谢
非常感谢
if anyone would suggest any feedback, into how can i get the password to hash in the database, when the user login, do I do that in the basic auth class or user class.
Many thanks
Many thanks
推荐答案
请参阅我对该问题的评论。目前还不清楚你要做什么,但很明显为什么。使用加密哈希函数进行身份验证是个好主意: http://en.wikipedia.org/wiki/Cryptographic_hash_function [ ^ ]。
首先,您不应该使用SHA-1系列或MD5的哈希算法;它们被认为是破碎的,不适合密码。更好地使用SHA-2算法之一。请参阅:
http://en.wikipedia.org/wiki/MD5 [< a href =http://en.wikipedia.org/wiki/MD5target =_ blanktitle =New Window> ^ ],
http://en.wikipedia.org/wiki/SHA-1 [ ^ ],
http://en.wikipedia.org/wiki/SHA-2 [ ^ ]。
.NET FCL实现在这里:http://msdn.microsoft.com/en-us/library/system.security .cryptography.hashalgorithm%28v = vs.110%29.aspx [ ^ ]。
更好地使用SHA512
或SHA256
:
http://msdn.microsoft.com/en-us /library/system.security.cryptography.sha512(v=vs.110).aspx [ ^ ],
http://msdn.microsoft.com/en-us/library/system.security.cryptography。 sha256(v = vs.110).aspx [ ^ ]。
我从未听说过使用这些实现中的任何一个都会产生任何问题。
-SA
Please see my comment to the question. It is unclear what you are trying to do, but it's clear why. This is a good idea to use cryptographic hash function for authentication: http://en.wikipedia.org/wiki/Cryptographic_hash_function[^].
First of all, you should not use a hash algorithm from SHA-1 family or MD5; they are considered as broken, not suitable for passwords. Better use one of the SHA-2 algorithms. Please see:
http://en.wikipedia.org/wiki/MD5[^],
http://en.wikipedia.org/wiki/SHA-1[^],
http://en.wikipedia.org/wiki/SHA-2[^].
The .NET FCL implementations are here: http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm%28v=vs.110%29.aspx[^].
Better useSHA512
orSHA256
:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha512(v=vs.110).aspx[^],
http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha256(v=vs.110).aspx[^].
I never heard that using any of these implementation created any problems.
—SA
不加密用户名或密码,并记住Base 64不是加密方法,或散列算法,或在此上下文中有用的任何东西!
看看这个:密码存储:如何操作。 [ ^ ] - 它应该有帮助!
Don't encrypt usernames or passwords, and do remember that Base64 is not an encryption method, or a hashing algorithm, or anything useful in this context!
Have a look at this: Password Storage: How to do it.[^] - it should help!
这篇关于如何在数据库中哈希用户密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文