将哈希密码存储在数据库中 [英] Store Hashed password in database
问题描述
大家好,
谁能让我知道如何使用BCrypt [/B](也让我知道Bcrypt是否安全)将散列密码[B]存储到数据库中,并在用户登录时验证密码.
注册页面
用户名:.........
密码:........
SAVEBUTTON
请提供使用BCrypt [/B]在sql数据库[B]中存储用户名和密码的代码.
用户名:...................
密码:.....................
登录按钮
提供代码以验证密码和存储在数据库中的密码.
谢谢&问候,
Prathap
Hi All,
Can anyone please let me know how to store a hashed password [B]using BCrypt[/B](also let me know if Bcrypt is safe) into database and verify the password when user login.
Register Page
Username:.........
Password:........
SAVEBUTTON
Please provide the code to store Username and password in sql database [B]using BCrypt[/B]
Username: ...................
Password : .....................
LOGINBUTTON
Provide code to verify the password with the one stored in database.
Thanks & Regards,
Prathap
推荐答案
Griff提示: ^ ]
Tip by Griff: Password Storage: How to do it.[^]
[回复OP对解决方案1的评论:]
不,请勿出于任何安全目的使用SHA1(或MD5),因为它们会损坏.请阅读:
http://en.wikipedia.org/wiki/Sha1 [ http://en.wikipedia.org/wiki/MD5 [ http://en.wikipedia.org/wiki/Cryptographic_hash_function [ http://en.wikipedia.org/wiki/SHA-2 [ http://msdn.microsoft.com/en-us/library/system. security.cryptography.hashalgorithm.aspx [ ^ ].
当然,如果您可以将.NET或Mono用于Windows以外的平台,那么:
http://en.wikipedia.org/wiki/Mono_%28software%29 [ ^ ],
http://www.mono-project.com/Main_Page [
[In reply to the OP''s comment to Solution 1:]
No, don''t use SHA1 (or MD5) for any security purposes — they are found broken. Please read:
http://en.wikipedia.org/wiki/Sha1[^],
http://en.wikipedia.org/wiki/MD5[^].
The most used reliable and secure cryptographic hash function would be one from the SHA-2 family:
http://en.wikipedia.org/wiki/Cryptographic_hash_function[^],
http://en.wikipedia.org/wiki/SHA-2[^].
And you don''t need to implement it by yourself. You can use the implementation available in .NET:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm.aspx[^].
Of course, this is if you can use .NET or Mono, for platforms other than Windows:
http://en.wikipedia.org/wiki/Mono_%28software%29[^],
http://www.mono-project.com/Main_Page[^].
With Mono, you can always get the source code of SHA-2 or other algorithms and use it the way you want, even translate to other languages. I''m almost sure you will be able to find implementation for a language you use.
It was a bad idea not to tag your platform and languages; this can badly limit our help. I suggest next time you tag and indicate all relevant information.
Good luck,
—SA
这篇关于将哈希密码存储在数据库中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!