C# - 存储用户密码进行比较 [英] C# - Storing user password for comparison

问题描述

我将用户登录加密的密码存储在数据库 (SQL Server) 中.由于 API 限制，密码需要在 C# 端加密，所以我不能使用数据库的内置加密.加密这些密码的最快/最简单的方法是什么，以便我可以将它们与用户稍后输入到第三方服务的内容进行比较?

I am storing user logon encrypted passwords in a database (SQL Server). Because of an API restriction, the passwords need to be encrypted on the C# end of things, so I can't use the database's built-in encryption. what is the fastest/easiest way to encrypt these passwords so I can compare them to what the user would have typed in to a third-party service later?

我是 C# 的新手，我知道密码永远不应该是纯文本，所以我想确保我拥有最高的安全性.我曾尝试使用 RSA.EncryptValue() 函数，但我对如何正确使用它感到很迷茫.

I am new to C# and I understand that passwords should never be in plain text so that's why I want to make sure I have the highest security. I have tried using the RSA.EncryptValue() function but I'm pretty lost as to how to use it correctly.

感谢任何帮助 - 提前致谢.

Any help is appreciated - thanks in advance.

-吉米

推荐答案

您不想加密和存储密码.您想生成一个哈希并存储它.然后，当用户登录时，您重新生成哈希并将其与存储在数据库中的哈希进行比较.

You don't want to encrypt and store passwords. You want to generate a hash and store that. Then, when a user is logging in, you regenerate the hash and compare it to the one stored in the database.

这个问题的答案 提供了如何在c#(一个答案包括有关执行加盐"哈希的信息).

The answers to this question provide examples of how one might hash a password in c# (one answer includes information on doing a "salted" hash).

这篇关于C# - 存储用户密码进行比较的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！