哪一种.NET包含的哈希算法适合密码哈希？ [英] Which of the .NET included hashing algorithms are suitable for password hashing?

问题描述

LinkedIn的密码泄漏证明了安全地对您的密码进行哈希处理非常重要。但是，即使使用 hash散列密码也无法使用常规散列算法（例如MD5和SHA系列）进行安全加密，因为它们针对速度进行了优化，这使黑客每秒可以计算23亿个散列（强力）。 / p>

有些哈希算法更安全，因为它们需要大量的计算，例如 PBKDF2 ， Bcrypt ，PBMAC和< a href = https://www.tarsnap.com/scrypt.html rel = nofollow noreferrer> scrypt 。但是，这些散列算法似乎并未包含在.NET框架中。

那么，.NET框架中包含哪些性能密集型散列算法？ p>

答案： PBKDF2包含在框架中，并且此网站显示了如何正确使用它。

解决方案

我认为它不是真的一个有意义的类名称，但是我确实认为它包含在.NET框架中。根据多个消息来源， Rfc2898DeriveBytes 实际上是PBKDF2实现。 MSDN也是如此。

请参阅

和
在C＃中使用Rfc2898DeriveBytes实现PBKDF2

。

The password leak of LinkedIn proved how important it is to securely hash your passwords. However, even hashing passwords with a salt is not secure with the 'normal' hashing algorithms (such as MD5 and the SHA family), since they are optimized for speed, which allows hackers compute 2300 million hashes per second (brute force).

There are hashing algoritms that are safer to use because they are much more computational intensive, such as PBKDF2, Bcrypt, PBMAC, and scrypt. These hashing algorithms however, don't seem to be included in the .NET framework.

So, which performance intensive hashing algorithms are included in the .NET framework?

ANSWER: PBKDF2 is included in the framework and this site shows how to use it properly.

解决方案

I think it's not really a meaningful Class name, but I do think it is included in the .NET framework. According to multiple sources, Rfc2898DeriveBytes is actually a PBKDF2 implementation. MSDN says so as well.

See Why do I need to use the Rfc2898DeriveBytes class (in .NET) instead of directly using the password as a key or IV? and PBKDF2 implementation in C# with Rfc2898DeriveBytes

for example.

这篇关于哪一种.NET包含的哈希算法适合密码哈希？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！