在C＃中的散列密码？ Bcrypt / PBKDF2 [英] Hash Password in C#? Bcrypt/PBKDF2

问题描述

我抬头一看MSDN和如何做到这一点的其他资源，但我想出了没有明确的解决方案。这是我发现的 http://blogs.msdn.com/b/shawnfa/archive/2004/04/14/generating-a-key-from-a-password.aspx?Redirected=true

I looked up msdn and other resources on how to do this but i came up with no clear solutions. This is the best i found http://blogs.msdn.com/b/shawnfa/archive/2004/04/14/generating-a-key-from-a-password.aspx?Redirected=true

我想用哈希在C＃中的密码或者bcrypt或PBKDF2（这似乎bcrypt相关）。我喜欢它是如何多轮需要为我的电脑哈希密码进行试验。但是一切似乎是约在大家对散列加密会谈。我不明白。我如何散列密码吗？它看起来更像PBKDF2（Rfc2898？）是一个随机数生成器和我使用GetBytes会（量）选择我的散列大小有多大。

I would like to hash passwords in C# using either bcrypt or PBKDF2 (which appears to be bcrypt related). I like to experiment with how many rounds it takes for my computer to hash a password. However everything seems to be about encrypting while everyone talks about hashing. I can't figure it out. How do i hash a password? It looks more like PBKDF2 (Rfc2898?) is a random number generator and i use GetBytes(amount) to choose how big my hash size is.

我很困惑。究竟我如何哈希与bcrypt / PBKDF密码吗？

I'm confused. How exactly do i hash a password with bcrypt/PBKDF?

推荐答案

您是非常接近实际。你给的链接显示您如何调用 Rfc2898DeriveBytes 功能获得PBKDF2哈希结果。但是，由一个事实，即例如使用用于加密目的导出密钥（原动机PBKDF1和2是创建适合于使用作为加密密钥密钥导出函数）揭去。当然，我们不希望使用加密，但由于其自身的哈希输出

PBKDF2

You were really close actually. The link you have given shows you how you can call the Rfc2898DeriveBytes function to get PBKDF2 hash results. However, you were thrown off by the fact that the example was using the derived key for encryption purposes (the original motivation for PBKDF1 and 2 was to create "key" derivation functions suitable for using as encryption keys). Of course, we don't want to use the output for encryption but as a hash on its own.

您可以尝试的SimpleCrytpo.NET 库编写。如果你看看实现，你可以看到，它实际上是只是一个简单包装的（你猜对了） Rfc2898DeriveBytes 。

You can try the SimpleCrytpo.NET library written for exactly this purpose if you want PBKDF2. If you look at the implementation, you can see that it is actually just a thin wrapper around (you guessed it) Rfc2898DeriveBytes.

您可以尝试命名为C＃实现（还有什么）的 BCrypt.NET ，如果​​你想用这种变异实验

You can try the C# implementation named (what else) BCrypt.NET if you want to experiment with this variant.

声明：我没有使用或测试的，我已经联系到...因人而异的库

Disclaimer: I have not used or tested any of the libraries that I have linked to... YMMV

这篇关于在C＃中的散列密码？ Bcrypt / PBKDF2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！