在数据库中存储SHA512密码哈希 [英] Storing a SHA512 Password Hash in Database

问题描述

在我的ASP.NET网络应用程序中，我用SHA512哈希我的用户密码。

In my ASP.NET web app I'm hashing my user passwords with SHA512.

尽管很多SO'ing和Google搜索我不清楚我应该将它们存储在数据库（SQL2005）中 - 下面的代码显示了如何以字符串形式创建哈希的基础知识，我目前将其插入到数据库中的Char（88）列中，这似乎是长度一致地创建

Despite much SO'ing and Googling I'm unclear how I should be storing them in the database (SQL2005) - the code below shows the basics of how I'm creating the hash as a string and I'm currently inserting it into the database into a Char(88) column as that seems to be the length created consistently

它是一个字符串最好的方法，如果是这样将总是88个字符在SHA512（因为我看到一些奇怪的东西谷歌）？

Is holding it as a String the best way to do it, if so will it always be 88 chars on a SHA512 (as I have seen some bizarre stuff on Google)?

 Dim byteInput As Byte() = Encoding.UTF8.GetBytes(sSalt & sInput)
 Dim hash As HashAlgorithm = New SHA512Managed()
 Dim sInsertToDatabase As String =  Convert.ToBase64String(hash.ComputeHash(byteInput))

推荐答案

SHA512输出512位或64字节。您可以将这64个字节存储在二进制列中，如果您愿意的话。

SHA512 outputs 512 bits, or 64 bytes. You can store those 64 bytes in a binary column, if you so wished.

如果你想处理你的应用程序之外的哈希值更容易存储一个Base64字符串，就像你现在做的一样。 Base64添加了大约33％的常量开销，所以你可以期望字符串总是88个字符。

If you want to handle the hash outside your application is more comfortable to store a Base64 string, as you are doing now. Base64 adds roughly a 33% of constant overhead, so you can expect the string to be always 88 chars.

也就是说，ASP.NET有一个相当全面的验证系统内置，您应该使用。

That said, ASP.NET has a fairly comprehensive authentication system builtin, which you should use.

这篇关于在数据库中存储SHA512密码哈希的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！