如何加密密码栏 [英] how to encrypt the password column

问题描述

我在SQL Server 2008 r2中有用户表.目前还没有加密的东西，但我至少希望对密码进行加密，直到应用程序准备就绪，可以更好地处理此问题.我可以这样做吗?手动对密码进行加密.

I have user table in SQL Server 2008 r2. Nothing there is encrypted yet but I would like to at the least encrypt the passwords until the app is ready that will handle this better. Can i do this and how? to manually make the passwords encrypted.

推荐答案

如果唯一的任务是验证用户输入的密码正确，则不应加密密码.您应该改为对它们进行哈希处理.您可以使用任何算法对它们进行哈希处理，但是我建议使用MD5，因为它非常安全. ¹ :)

You should not encrypt passwords if your only task is to verify that the password the user entered is correct. You should hash them instead. You could use any algorithm to hash them, but I recommend using MD5 because it is very secure.¹ :)

例如:

public string EncodePassword(string originalPassword)
{
//Declarations
Byte[] originalBytes;
Byte[] encodedBytes;
MD5 md5;

//Instantiate MD5CryptoServiceProvider, get bytes for original password and compute hash    (encoded password)
md5 = new MD5CryptoServiceProvider();
originalBytes = ASCIIEncoding.Default.GetBytes(originalPassword);
encodedBytes = md5.ComputeHash(originalBytes);

//Convert encoded bytes back to a 'readable' string
return BitConverter.ToString(encodedBytes);
}

¹ 编辑(不是原始答案作者):密码的MD5为考虑到不安全，应使用更可靠的算法.在阅读本文时，您应该对当代算法进行研究.这篇文章可能是一个很好的起点.

¹ Edit (not original answer author): MD5 for passwords is considered insecure and more robust algorithms should be used. You should do research into the contemporary algorithms at the point of reading this. This post might be a good starting point.

这篇关于如何加密密码栏的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！