[Sql-Server]密码盐和哈希值使用什么数据类型以及什么长度? [英] [Sql-Server]what data type to use for password salt and hash values and what length?

问题描述

我正在使用我的密码生成盐值和哈希值，

I am generating salt and hash values from my passwords by using,

string salt = CreateSalt(TxtPassword.Text.Length);
string hash = CreatePasswordHash(TxtPassword.Text, salt);

private static string CreateSalt(int size)
{
    //Generate a cryptographic random number.
    RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
    byte[] buff = new byte[size];
    rng.GetBytes(buff);

    // Return a Base64 string representation of the random number.
    return Convert.ToBase64String(buff);
}

private static string CreatePasswordHash(string pwd, string salt)
{
    string saltAndPwd = String.Concat(pwd, salt);
    string hashedPwd =
     FormsAuthentication.HashPasswordForStoringInConfigFile(
     saltAndPwd, "sha1");

    return hashedPwd;
}

您建议在 sql server 中存储这些值的数据类型是什么?任何建议...

What datatype you would suggest for storing these values in sql server? Any suggestion...

盐:9GsPWpFD

哈希:E778AF0DC5F2953A00B35B35D80F6262CDBB8567

推荐答案

ASPNET_DB 这么说 - 不会出错.

ASPNET_DB says this - can't go wrong.

Password nvarchar(128) NOT NULL,
PasswordSalt nvarchar(128) NOT NULL,

虽然 128 看起来很多，但各种类型的加密可能会产生比您开始时更大的字符串.绝对没有理由不跟随那些花费数千工时开发 asp.net 会员系统的非常聪明的人.

while 128 may seem like a lot, various types of encryption can result in larger strings than you started out with. There is absolutely no reason not to follow the lead of the very smart people who have spend thousands of man hours developing the asp.net membership system.

这篇关于[Sql-Server]密码盐和哈希值使用什么数据类型以及什么长度?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！