如何对用户密码进行哈希处理? [英] How to hash users passwords?
问题描述
请不要将此标记为重复,因为我已经检查了多个帖子,但是没有一个帮助我.
我正在建立一个具有登录页面的网站,并且阅读了这篇文章
https://www.codeproject.com/Articles/704865/Saltted-Password-Hashing-Doing-it-Right#normalhashing
有关如何确保我的登录名的安全性.
现在我了解到,每次注册时,我都必须创建CSPRNG(加密安全的伪随机数生成器)并将其添加到用户提交的密码中,然后对该混合进行哈希处理并将其存储在数据库中,并为每个用户存储盐,因为这对每个用户都是随机的.我的问题是最简单,最简单的方法是什么.
在我的控制器中,我通过这种方法获取用户名和密码
公共JsonResult登录(LoginModel数据){//一些代码...//...} 我的登录模型包含
公共类LoginModel{公共字符串用户名{get;放;}公共字符串密码{get;放;}} 所以我得到了用户名和密码,例如(字符串a = data.Username,...)
我已经将此添加到了我的项目中,但是我不知道如何从这里继续
使用System.Security.Cryptography; 我肯定知道如何保存在数据库中,如何随机分配盐(可能使用RNGCryptoServiceProvider),以及如何将其添加到用户密码中,然后对最终结果进行哈希处理.感谢您的帮助.
我是这样做的,并且工作正常.
我添加了一个新班级
公共类帮助器{公共字符串CreateSalt(int大小){var rng = new RNGCryptoServiceProvider();var buff =新字节[大小];rng.GetBytes(buff);返回Convert.ToBase64String(buff);}公共字符串GenerateSha256Hash(字符串输入,字符串盐){byte [] bytes = System.Text.Encoding.UTF8.GetBytes(input + salt);SHA256Managed shaString =新的SHA256Managed();byte [] hash = shaString.ComputeHash(bytes);返回BitConverter.ToString(hash);}} }
然后在我的控制器中添加了此类的实例
Helper myHelper = new Helper(); 然后我将值传递给
string salt = myHelper.CreateSalt(5);字符串hashedPassword = myHelper.GenerateSha256Hash(* PasswordField *,salt);hashedPassword = hashedPassword.Replace(-",string.Empty).Substring(0,16); 我要从哈希密码中删除-",然后使用前16个字符.
感谢@Luke Joshua Park,@ gusto2,@ JamesS和@CodeCaster的帮助.
please do not mark this as a duplicate because I've already checked multiple posts but none of them helped me.
Asp.net MVC - How to hash password
I'm building a website that has a login page, and I read this post
https://www.codeproject.com/Articles/704865/Salted-Password-Hashing-Doing-it-Right#normalhashing
on how to make my login secure.
Now I understand that on each sign up I have to create CSPRNGs(Cryptographically secure pseudorandom number generator) and add it to the password submitted by the user, then hash this mix and store it in the DB, and store the salt for each user because it's a random one for each user. My question is what is the easiest and the most simple way to do that.
In my controller I'm taking the username and the password via this method
public JsonResult Login(LoginModel data)
{
//some code...
//...
}
My login model contain
public class LoginModel
{
public string Username { get; set; }
public string Password { get; set; }
}
so I'm getting the username and password like (string a = data.Username, ...)
I already added this to my project but I don't know how to continue from here
using System.Security.Cryptography;
I know how to save in the DB for sure I just want to know, how to make a random salt (maybe using RNGCryptoServiceProvider), and how to add it to the user's password, and then hash the final result. Thanks for any help.
I did this way, and it's working fine.
I added a new class
public class Helper
{
public String CreateSalt(int size)
{
var rng = new RNGCryptoServiceProvider();
var buff = new byte[size];
rng.GetBytes(buff);
return Convert.ToBase64String(buff);
}
public String GenerateSha256Hash(string input, string salt)
{
byte[] bytes = System.Text.Encoding.UTF8.GetBytes(input + salt);
SHA256Managed shaString = new SHA256Managed();
byte[] hash = shaString.ComputeHash(bytes);
return BitConverter.ToString(hash);
}
}
}
And in my controller I added an instance of this class
Helper myHelper = new Helper();
Then I'm passing values to
string salt = myHelper.CreateSalt(5);
string hashedPassword = myHelper.GenerateSha256Hash(*PasswordField*, salt);
hashedPassword = hashedPassword.Replace("-", string.Empty).Substring(0, 16);
I'm removing the "-"from the hashed password and then I'm taking the first 16 characters.
Thanks to @Luke Joshua Park, @gusto2 , @JamesS and @CodeCaster for their help.
这篇关于如何对用户密码进行哈希处理?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
