Information on Data Protection API (DPAPI)

Question

I am currently writing a C# MVC web application in which passwords are being taken from a user and stored in a database - SQL Server. I need a way of hashing the passwords.

It has been recommended to me to use the Data Protection API (DPAPI). I am not familiar with it and from research on the internet, very little information exists on it.

Can anyone point me in the direction of further information on it? Or give me an overview of how to set it up and work with it etc.

Recommended answer

The Data Protection API is primarily used for protecting cryptographic keys and secrets under a user's credentials. If you want to store hashed passwords in a database, the DPAPI isn't really what you want.

The ASP.NET Membership Provider is used for managing users, including hashing passwords with a salt. Unfortunately there doesn't seem to be a method to just return a hashed password, so if you don't need the extra functionality, it might be worth extracting the relevant code from something like CodeFirst Membership Provider (See Crypto.cs in the Source Code). The advantage here is this Membership Provider uses PBKDF2 to derive the hash, which is more resistant to brute force attacks given the number of rounds. It's also the method StackOverflow itself uses.
