如何加密密码以便以后保存在数据库或文本文件中? [英] How to encrypt a password for saving it later in a database or text file?
问题描述
我希望我的应用程序将加密的密码保存在数据库或文本文件中。
假定任何人都可以打开数据库或文本文件,怎么办?
I want my application to save the password encrypted in a database or in a text file. How can I do that assuming that the database or text file can be open by anyone?
重复
不重复
我是要求特定于.NET的代码
Not duplicate I'm asking for code specific for .NET
编辑:我正在保存密码,以备后用。我需要对其进行解码并使用它来登录。
并不一定要超级安全,只需要人眼不易理解,并且很难用平凡的脚本进行解码。
I'm saving the password for later use. I need to decode it and use it to login. It doesn't have to be super secure, it just needs to be unreadable to the human eye, and difficult to decode with a trivial script.
推荐答案
StackOverflow读者不知道如何编写安全的密码方案,您也不知道。如果您要这样做,请坚持使用纯文本,以节省时间。来自彩虹表已足够:您需要了解的安全密码方案:
StackOverflow readers don't know how to write secure password schemes and neither do you. If you're going to do that, save time by sticking with plain text. From Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes:
彩虹表是容易被击败。对于每个
密码,生成一个随机的
数字(随机数)。用随机数将密码
散列,并同时存储
散列和随机数。服务器具有
足够的信息来验证密码
(现时值以明文形式存储)。
但是,即使随机值很小,
表示为16位,彩虹表也是
不可行的:现在每个哈希有65,536
个变体,而$ b $在3000亿个彩虹表条目中,b需要$ b亿。
中的随机数被称为盐。
Rainbow tables are easy to beat. For each password, generate a random number (a nonce). Hash the password with the nonce, and store both the hash and the nonce. The server has enough information to verify passwords (the nonce is stored in the clear). But even with a small random value, say, 16 bits, rainbow tables are infeasible: there are now 65,536 "variants" of each hash, and instead of 300 billion rainbow table entries, you need quadrillions. The nonce in this scheme is called a "salt".
很酷,是吗?是的,Unix crypt(-
几乎是安全系统中最低的公分母-b
)-自1976年以来就具有此
功能。如果这对
是个新闻,那么您不应该设计
密码系统。使用别人的
好人。
Cool, huh? Yeah, and Unix crypt —- almost the lowest common denominator in security systems —- has had this feature since 1976. If this is news to you, you shouldn’t be designing password systems. Use someone else’s good one.
使用 BCrypt -.NET和Mono的强密码哈希。这是一个简洁的.cs文件,随着密码破解计算机变得越来越快,它将继续满足您的需求。
Use BCrypt - Strong Password Hashing for .NET and Mono. It's a single cleanly written .cs file that will continue to meet your needs as password cracking computers get faster.
这篇关于如何加密密码以便以后保存在数据库或文本文件中?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
