这是用MD5加密密码的好方法吗？ [英] Is this a good way to encrypt passwords with MD5?

问题描述

我以前从未加密的密码，这是我想出了这样做，用的这篇文章。本文不包括盐，所以我必须找出自己：

I have never encrypted a password before, and this is what I came up with to do it, with the aid of this article. The article didn't include salt, so I had to figure it out myself:

        UTF8Encoding encoder = new UTF8Encoding();
        byte[] salt = new byte[8];
        new Random().NextBytes(salt);
        byte[] encodedPassword = encoder.GetBytes(txtPassword.Text);
        byte[] saltedPassword = new byte[8 + encodedPassword.Length];
        System.Buffer.BlockCopy(salt, 0, saltedPassword, 0, 8);
        System.Buffer.BlockCopy(encodedPassword, 0, saltedPassword, 8, encodedPassword.Length);
        byte[] encryptedPassword = new MD5CryptoServiceProvider().ComputeHash(saltedPassword);
        byte[] saltedEncryptedPassword = new byte[8 + encryptedPassword.Length];
        System.Buffer.BlockCopy(salt, 0, saltedEncryptedPassword, 0, 8);
        System.Buffer.BlockCopy(encryptedPassword, 0, saltedEncryptedPassword, 8, encryptedPassword.Length);

与 saltedEncryptedPassword 被存储在数据库中。正如你可能注意到了，我遇到了一些麻烦串联的字节数组一起那里的盐有关。我做了这个权利，或是否有更好的办法？谢谢你。

with saltedEncryptedPassword being stored in the database. As you probably notice, I had some trouble concatenating the byte arrays together where the salt was involved. Have I done this right, or is there a better way? Thanks.

推荐答案

密码哈希值应慢，还不快。结果
更快的哈希，更快的攻击者可以通过密码字典运行。

Password hashes should be slow, not fast.
The faster the hash, the faster an attacker can run through a password dictionary.

所以，你不应该使用通用的哈希像SHA口令。

Therefore, you should never use general-purpose hashes like SHA for passwords.

相反，使用类似scrypt或的 PBKDF2 。

Instead, use proven slow techniques like scrypt or PBKDF2.

这篇关于这是用MD5加密密码的好方法吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！