使用jQuery加密用户密码，并用C＃解密 [英] Encrypt user password with jquery and decrypt it with C#

问题描述

• 我不想使用SSL来的一个网站我建立加密注册和登入形式。


• 我没有钱支付证书。


• 我需要我的asp.net网站使用jQuery和解密使用enryption用C＃。

是否有人有一个例子，它是如何确保采用这种方法？

Does someone have an example and how is it secure to adopt this method?

推荐答案

如果你不使用SSL，那么你并不安全，但是这不是唯一的原因。

If you're not using SSL, then you're not secure, but that's not the only reason.

SSL 保护实际的通信，而加密保护您正在通信的数据。你不应该甚至全部被加密的密码。你应该做的信息硬化哈希。一个哈希是一个单向函数（无法逆转），而的加密是双向功能（可逆转）。哈希硬化和用途包括：

SSL protects the actual communication, whereas encryption protects the data you are communicating. You should not even be encrypting the passwords at all. You should be making a hardened hash of the information. A hash is a one-way function (cannot be reversed), whereas encryption is two-way function(can be reversed). Hash hardening and use includes:

• 迭代速度建立了一个散列，如 SHA512 一对夫妇一千次或使用类似 BCrypt 。


• 使用一个盐 - 喜欢的东西混杂每一个64位的数组用户，存储在数据库中会做


• 加密使用的应用程序层的关键在DB的键和盐 - 这意味着，如果你的数据库是采取，他们仍然需要从应用层的关键访问原始的哈希信息，以及盐。

• Iterating over a hash built for speed, such as SHA512 a couple of thousand times or using something like BCrypt.
• Use a salt - Something like a 64-bit array of jumble per user, stored in the database will do it
• Encrypt the keys and salts in the DB using a key in the application layer - This means if your database is taken, they would still need the key from the application layer to access the raw hash information, as well as the salts.

您必须记住，安全是内置的图层。跳过SSL，你跳过它的很大一部分。至少，你可以使用 makecert 来的创建一个自签名证书。所有这一切会发生的是，用户将被警告了。一个好的SSL证书的成本可以低至$ 12.99在 GoDaddy的。我建议得到之一，也是实现上述

You have to remember that security is built in layers. By skipping SSL, you're skipping a large portion of it. At the very least you can use makecert to create a self-signed certificate. All that will happen is that the user will be warned about it. A good SSL certificate can cost as little as $12.99 on GoDaddy. I recommend getting one as well as implementing the above.

这篇关于使用jQuery加密用户密码，并用C＃解密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！