将哈希密码存储在数据库中 [英] Store Hashed password in database

问题描述

大家好，

谁能让我知道如何使用BCrypt [/B](也让我知道Bcrypt是否安全)将散列密码[B]存储到数据库中，并在用户登录时验证密码.

注册页面

用户名:.........
密码:........

SAVEBUTTON

请提供使用BCrypt [/B]在sql数据库[B]中存储用户名和密码的代码.

用户名:...................
密码:.....................

登录按钮

提供代码以验证密码和存储在数据库中的密码.

谢谢&问候，
Prathap

Hi All,

Can anyone please let me know how to store a hashed password [B]using BCrypt[/B](also let me know if Bcrypt is safe) into database and verify the password when user login.

Register Page

Username:.........
Password:........

SAVEBUTTON

Please provide the code to store Username and password in sql database [B]using BCrypt[/B]

Username: ...................
Password : .....................

LOGINBUTTON

Provide code to verify the password with the one stored in database.

Thanks & Regards,
Prathap

推荐答案

Griff提示: ^ ]

Tip by Griff: Password Storage: How to do it.[^]

[回复OP对解决方案1的评论:]

不，请勿出于任何安全目的使用SHA1(或MD5)，因为它们会损坏.请阅读:
http://en.wikipedia.org/wiki/Sha1 [ http://en.wikipedia.org/wiki/MD5 [ http://en.wikipedia.org/wiki/Cryptographic_hash_function [ http://en.wikipedia.org/wiki/SHA-2 [ http://msdn.microsoft.com/en-us/library/system. security.cryptography.hashalgorithm.aspx [ ^ ].

当然，如果您可以将.NET或Mono用于Windows以外的平台，那么:
http://en.wikipedia.org/wiki/Mono_%28software%29 [ ^ ]，
http://www.mono-project.com/Main_Page [

[In reply to the OP''s comment to Solution 1:]

No, don''t use SHA1 (or MD5) for any security purposes — they are found broken. Please read:
http://en.wikipedia.org/wiki/Sha1[^],
http://en.wikipedia.org/wiki/MD5[^].

The most used reliable and secure cryptographic hash function would be one from the SHA-2 family:
http://en.wikipedia.org/wiki/Cryptographic_hash_function[^],
http://en.wikipedia.org/wiki/SHA-2[^].

And you don''t need to implement it by yourself. You can use the implementation available in .NET:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm.aspx[^].

Of course, this is if you can use .NET or Mono, for platforms other than Windows:
http://en.wikipedia.org/wiki/Mono_%28software%29[^],
http://www.mono-project.com/Main_Page[^].

With Mono, you can always get the source code of SHA-2 or other algorithms and use it the way you want, even translate to other languages. I''m almost sure you will be able to find implementation for a language you use.

It was a bad idea not to tag your platform and languages; this can badly limit our help. I suggest next time you tag and indicate all relevant information.

Good luck,

—SA

这篇关于将哈希密码存储在数据库中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！