这是用MD5加密密码的好方法吗? [英] Is this a good way to encrypt passwords with MD5?
问题描述
我以前从未加密的密码,这是我想出了这样做,用的这篇文章。本文不包括盐,所以我必须找出自己:
I have never encrypted a password before, and this is what I came up with to do it, with the aid of this article. The article didn't include salt, so I had to figure it out myself:
UTF8Encoding encoder = new UTF8Encoding();
byte[] salt = new byte[8];
new Random().NextBytes(salt);
byte[] encodedPassword = encoder.GetBytes(txtPassword.Text);
byte[] saltedPassword = new byte[8 + encodedPassword.Length];
System.Buffer.BlockCopy(salt, 0, saltedPassword, 0, 8);
System.Buffer.BlockCopy(encodedPassword, 0, saltedPassword, 8, encodedPassword.Length);
byte[] encryptedPassword = new MD5CryptoServiceProvider().ComputeHash(saltedPassword);
byte[] saltedEncryptedPassword = new byte[8 + encryptedPassword.Length];
System.Buffer.BlockCopy(salt, 0, saltedEncryptedPassword, 0, 8);
System.Buffer.BlockCopy(encryptedPassword, 0, saltedEncryptedPassword, 8, encryptedPassword.Length);
与 saltedEncryptedPassword
被存储在数据库中。正如你可能注意到了,我遇到了一些麻烦串联的字节数组一起那里的盐有关。我做了这个权利,或是否有更好的办法?谢谢你。
with saltedEncryptedPassword
being stored in the database. As you probably notice, I had some trouble concatenating the byte arrays together where the salt was involved. Have I done this right, or is there a better way? Thanks.
推荐答案
密码哈希值应慢,还不快。结果
更快的哈希,更快的攻击者可以通过密码字典运行。
Password hashes should be slow, not fast.
The faster the hash, the faster an attacker can run through a password dictionary.
所以,你不应该使用通用的哈希像SHA口令。
Therefore, you should never use general-purpose hashes like SHA for passwords.
相反,使用类似scrypt或的 PBKDF2 。
Instead, use proven slow techniques like scrypt or PBKDF2.
这篇关于这是用MD5加密密码的好方法吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!