如何在登录表上加密密码和密码 [英] How encrypt password and decript at login table

问题描述

任何人都知道如何加密登录表的密码以及如何对其进行解密..
在登录时. ???

[edit]仅限主题:不要大喊大叫.使用所有大写字母被认为是在互联网上大喊大叫，并且粗鲁(使用所有小写字母被认为是幼稚的).如果要认真对待，请使用大写字母. -OriginalGriff [/edit]

Any one know that how to encrypt the password for login Table and how to dycrypt it..
At the the Login Time. ???

[edit]Subject only: DON''T SHOUT. Using all capitals is considered shouting on the internet, and rude (using all lower case is considered childish). Use proper capitalisation if you want to be taken seriously. - OriginalGriff[/edit]

推荐答案

Don''t.

取而代之.查看System.Cryptography命名空间，并使用SHA哈希生成一个值以存储在数据库中.当您需要检查它时，对用户给您的任何内容进行哈希处理，然后比较哈希值.如果它们相同，则用户可以登录.否则，他不能.

在对用户名或ID进行哈希处理之前，最好在数据中包含用户名或ID，以使两个具有相同密码的用户不会生成相同的哈希值.

如果使用加密，则需要代码中的密钥来对其进行解密-这会带来很大的安全风险.散列不需要密钥，因为它是单向的.

[edit]

我已经使用技巧/技巧作为适当的代码编写了对此的描述:密码存储:操作方法. [

Don''t.

Hash it instead. Look at the System.Cryptography namespace, and use SHA hashing to generate a value to store in you database. When you need to check it, hash whatever the user gave you, and compare the hashes. If they are the same, the user can be logged in. If not, he can''t.

It is also a good idea to include the username or Id in the data before you hash it, so that two users with the same password do not generate the same hash value.

If you use encryption, you need a key in your code which decrypts it - this posses a big security risk. Hashing does not need a key because it is one-way.

[edit]

I have written up a description of this with appropriate code as a Tip / Trick: Password Storage: How to do it.[^]
It should be available soon, depending on how quickly article moderation is going today!

OriginalGriff
[/edit]

要安全地存储密码以便可以读取，请使用

To securely store a password so that it can be read back, use the

ProtectedData

类.

class.

public static string ProtectPassword(string password)
{
    byte[] bytes = Encoding.Unicode.GetBytes(password);
    byte[] protectedPassword = ProtectedData.Protect(bytes, null, DataProtectionScope.CurrentUser);
    return Convert.ToBase64String(protectedPassword);
}

public static string UnprotectPassword(string protectedPassword)
{
    byte[] bytes = Convert.FromBase64String(protectedPassword);
    byte[] password = ProtectedData.Unprotect(bytes, null, DataProtectionScope.CurrentUser);
    return Encoding.Unicode.GetString(password);
}

这篇关于如何在登录表上加密密码和密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！