asp.net密钥库的密码存储？ [英] asp.net keystore for password storage?

问题描述

我知道，加密密码可存储在web.config或哈希和盐渍的密码可以存储在数据库中，但是它可以存储密码的东西就像一个密钥库？

I know that encrypted passwords can be stored in the web.config or hashed and salted passwords can be stored in a database, but is it possible to store passwords in something like a keystore?

请问一个密钥库，甚至是存储服务帐户由一个应用程序所需要的密码是个好主意？

Would a keystore even be a good idea to store 'service account' passwords that are needed by an application?

推荐答案

最接近模拟在.NET / Windows世界中一个Java密钥是DPAPI（的 http://en.wikipedia.org/wiki/Data_Protection_API ）。它存储加密值在Windows注册表中，从系统或用户帐户级别的密钥导出加密密钥。

The closest analogue to a Java keystore in .NET/Windows world is DPAPI (http://en.wikipedia.org/wiki/Data_Protection_API). It stores encrypted values in the Windows registry, with the encryption key derived from system or user account level secrets.

这是相当广泛使用，虽然纸在2010年的黑帽大会DC发布详细反对裂纹（<一个href=\"https://docs.google.com/fileview?id=0B9MkvtnWPqvEMmI2NWU1YTUtZDIyMC00Mjk3LWEyZGUtOGM2YzA3NzUzMTk2&hl=fr&pli=1\"相对=nofollow>谷歌文档）。

It is in fairly wide use, though a paper was released at the 2010 Black Hat DC Conference detailing a crack against it (Google Docs).

在这之前的纸张（如果MS修复它在某个时候）我会强烈建议DPAPI整整你所描述的。

Prior to that paper (and if MS fixes it at some point) I would highly recommend DPAPI for exactly what you are describing.

在这一点上，使用DPAPI可能是（不幸）的最佳选择。一个缓解因素是，破解技术性强，难以执行，并且需要相当多的操作系统访问的决绝。若违反一个DPAPI关键的是最有可能被由受信任内部人员与访问系统被拉断，相对于外部攻击者

At this point, using DPAPI is probably (and unfortunately) the best option. A mitigating factor is that the crack is highly technical, difficult to execute, and requires quite a bit of OS access to pull off. A breach of a DPAPI key is most likely to be pulled off by a trusted insider with access to the system, as opposed to an external attacker.

这篇关于asp.net密钥库的密码存储？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！