密码保存.NET [英] Password saving .NET

问题描述

我有一个需要用户凭据才能运行的小应用程序.什么是存储这些凭据以供以后使用.NET的最佳方法是什么?预先感谢.

I have a small app that needs user credentials to operate. Whats the best way(library) to store those credentials for later use using .NET Thanks in advance.

推荐答案

.NET附带了许多Crypto API.在这里看看:

http://msdn.microsoft.com/en-us/library/system.security. cryptography.aspx [^ ]

您需要根据是否要单向加密，哈希，私钥等来选择一个.那里的因素和选择太多，因此最终取决于您的情况以及针对特定情况的需求.

.NET comes with tons of Crypto APIs. Take a look here:

http://msdn.microsoft.com/en-us/library/system.security.cryptography.aspx[^]

You need to pick one based on whether you want one-way encryption, hashing, private keys, etc. Too many factors and choices there, so it''s eventually up to you and based on what you need for your specific scenario.

永远不要以原始格式存储密码.如果您考虑一下:不需要身份验证，因为您可以始终将加密的登录密码与存储的加密密码进行比较.使用公钥加密，您也不必存储私钥(在这种情况下，这是加密密钥；了解公钥有助于解密，但不能解密).

您还可以存储密码的加密哈希.

有关强烈建议我建议使用RSA的密码，请参见 http://en.wikipedia.org/wiki/RSA [ ^ ]，请使用System.Security.Cryptography.RSA，System.Security.Cryptography. RSACryptoServiceProvider，请参阅 http://msdn.microsoft.com/en-us/library /system.security.cryptography.rsa.aspx [ http://en.wikipedia.org/wiki/Public-key_cryptography [< ^ ].

对于Cryptographic Hash方法，您需要了解 Cryptographic Hash Function 的工作方式，请参见 http://en .wikipedia.org/wiki/Cryptographic_hash_function [ ^ ] .
对于加密散列函数，可以使用例如SHA-2系列中的一种，请参见 http://en.wikipedia. org/wiki/SHA1 [ ^ ].它是在.NET中实现的，请参见 http://msdn.microsoft.com/zh-cn/library/system.security.cryptography.sha1.aspx [ http://en.wikipedia .org/wiki/MD5 [ ^ ].)该算法被认为是破解"的，决不能用于任何安全目的.


针对OP的最新评论(关于可逆"，请参见我的评论):
非对称加密和公钥加密基于单向功能的思想，请参见 http: //en.wikipedia.org/wiki/单向功能 [ ^ ]，另请参见trapdoor function: http://en.wikipedia.org/wiki/Trapdoor_one- way_function [^ ].一切都基于不可逆算法.



另外，请勿出于安全目的使用SHA-1，因为发现了安全漏洞.请参阅
http://en.wikipedia.org/wiki/Sha-1 [

You should never ever store passwords in their original form. If you think about it: you never need them for authentication, as you can always compare encrypted log-in password with you stored encrypted password. With public-key cryptography, you also don''t have to store a private key (which is a ciphering key in this case; knowledge of a public key helps to decipher, but not cipher).

You can also store cryptographic hash of the password.

For strong ciphering I would advice RSA, see http://en.wikipedia.org/wiki/RSA[^], use System.Security.Cryptography.RSA, System.Security.Cryptography.RSACryptoServiceProvider, see http://msdn.microsoft.com/en-us/library/system.security.cryptography.rsa.aspx[^]. You need to understand Public-key Cryptography, see http://en.wikipedia.org/wiki/Public-key_cryptography[^].

For the Cryptographic Hash approach, you need to understand how a Cryptographic Hash Function work, see http://en.wikipedia.org/wiki/Cryptographic_hash_function[^].
For a Cryptographic Hash function, you can use, for example the one from the SHA-2 family, see http://en.wikipedia.org/wiki/SHA1[^]. It is implemented in .NET, see http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha1.aspx[^].

Warning: Do not use MD5! (See http://en.wikipedia.org/wiki/MD5[^].) This algorithm is considered "broken", should never be used for any security purposes.


In response to last comment by OP (on "reversible", see my response comment):
Assymmetric ciphering and public-key cryptography is based on the idea of one-way function, see http://en.wikipedia.org/wiki/One-way_function[^], see also trapdoor function: http://en.wikipedia.org/wiki/Trapdoor_one-way_function[^]. Everything is based on non-reversible algorithm.



Also, don''t use SHA-1 for security purpose — a security flaw was found. Please see
http://en.wikipedia.org/wiki/Sha-1[^].

—SA

就像Nish所说的那样，有太多因素，情况和可能的要求.我们不知道您所处的环境，该环境的安全性或什至与访问控制远程关联的任何内容.这是您只能做出的决定.

Like Nish said, there are way too many factors, situations, and possible requirements. We have no idea of the environment you''re in, how secure it has to be, or anything even remotely associated with access control. It''s a decision only you can make.

这篇关于密码保存.NET的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！