How to store passwords offline


Problem description

Hey. Although this is focused on Windows Phone 7, I guess the principle is universal. I would like to have a password-protected zone within my app. However, my application is completely offline and so I will have to store credential details on the phone. My initial idea is to store a hash of the password and the salt. Would this be the best way to go? If so, should the hash and salt be stored in plain text, or is there a way to ensure that even they are encrypted? I understand that having the entire scheme on the phone will eventually be cracked, but what would be the best way to raise the barrier? Thanks for any suggestions.

Recommended answer

Yes, you should be storing a hash of the password and the salt. If you were uncomfortable storing these in plain text you could symmetrically encrypt these details also. But then you'd have to store the symmetrical key somewhere also.

When deciding which approach to take, consider the value of what is being secured/protected and the time it will take to encrypt/decrypt (although I doubt this will be an issue in your circumstances).

As you mentioned, it's also important to remember that security is a process and not something you can do once and forget about. It's important to review security practices periodically and keep up to date with changes in best practices and breaches.

That said, I do hope that the security of the data on the phone will be good for many months at least.
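The salted-hash storage discussed above, as an added example that is not part of the original question or answer. The thread names no algorithm, so PBKDF2-HMAC-SHA256, the iteration count, the salt size, the record layout and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os

# Assumptions (not from the original answer): PBKDF2-HMAC-SHA256, 16-byte salt,
# 600,000 iterations, and a "scheme$iterations$salt_hex$hash_hex" record layout.
SCHEME = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Return the string to store on the device instead of the password."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iter_text, salt_hex, hash_hex = record.split("$")
        iterations = int(iter_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed or truncated record: fail closed
    if scheme != SCHEME or iterations < 1 or not salt or not expected:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)


def needs_upgrade(record: str) -> bool:
    """True when a record is malformed or uses fewer iterations than ITERATIONS."""
    parts = record.split("$")
    try:
        return len(parts) != 4 or int(parts[1]) < ITERATIONS
    except ValueError:
        return True
```

Because the iteration count travels with each record, `needs_upgrade` lets the app re-hash with a stronger setting at the next successful login, which fits the answer's point about reviewing practices periodically.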
