ASP.NET使用MD5的哈希密码 [英] ASP.NET Hash password using MD5

问题描述

我有以下代码，其中输入用户输入的密码，然后将其存储在SQL Server数据库中：

I've got the following code, which hashes a password as inputted by the user, and subsequently stores it in an SQL Server database:

   Byte[] originalPassword;
   Byte[] hashedPassword;

   MD5CryptoServiceProvider md5Hasher = new MD5CryptoServiceProvider();
   UTF8Encoding encoder = new UTF8Encoding();

   originalPassword = encoder.GetBytes(passwordBox.Text);
   hashedPassword = md5Hasher.ComputeHash(originalPassword);
   command.Parameters.Add(new SqlParameter("Password", hashedPassword));
   command.ExecuteNonQuery();

我的问题是我有一些明文密码已经存储在数据库中。由于它们显示为0xA99ED ....，因此我们如何将它们修改为这种新的散列格式？

推荐答案

任何散列函数的输出是字节的集合，而不是文本的集合。因此，当您输入文本作为测试时，您可能正在输入该字节数组的文本转换。简单地将其转换为二进制（16）是不正确的，你需要做一个适当的转换，这是你不能在SQL中做的事情。这也解释了为什么更改列的数据类型不起作用。

The output of any hash function is a collection of bytes, not a collection of text. So when you enter text as a test you are probably entering a text conversion of that byte array. Simply converting it in SQL to a binary(16) is not correct, you need to do a proper conversion, which is something you cannot do in SQL. This also explains why changing the datatype of the column doesn't work either.

当散列表示为字符串时，通常是通过每个字节的十六进制值，或通过字符设置编码器。为了在它们之间切换，你需要弄清楚哪一个正在使用，并在代码中执行转换，而不是通过切换SQL中的数据类型

When hashes are expressed as strings it's usually via hex values of each byte, or via a character set encoder. In order to switch between them you need to figure out which one is in use and perform the conversion in code, not by switching the datatypes in SQL

这篇关于ASP.NET使用MD5的哈希密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！