Example code for Scrypt and Cryptsharp


Problem description

I have searched all over Google and I can't find a code sample of Scrypt usage (for hashing a password) using the Cryptsharp library.

Can you please provide a sample for hashing the password?

Recommended answer

It's only a single call so I'll walk you through the parameters:


  1. key: this is your password, use UTF-8 encoding (without byte order mark) to encode your password into a byte array;
  2. salt: a string of secure random bytes stored with the result of the scrypt function, 16 bytes should be ample;
  3. cost: the given suggestion is 262144, but you may want to increase that value if your server can handle the additional load;
  4. blockSize: see cost, the given suggestion is 8;
  5. parallel: I would keep this to 1 unless you want to experiment with multi-threading;
  6. maxThreads: in general null will do nicely;
  7. derivedKeyLength: well, that depends, for passwords 128 should be ample though, it's unlikely that your password has more than 128 bits of security.

You should store at least the salt and result. You may want to use base 64 encoding if you want to store them as strings.

I would recommend you to store one additional piece of data: a version of your password based key derivation scheme (PBKDF). Say, set it to 1 for using scrypt, using the given key encoding, salt size, cost, blocksize etc. In that case you can upgrade your scheme later on (you need the user to supply his/her password to do this, so you will have to do this online, so you will end up having multiple schemes operational at the same time).

Note that you may chain PBKDF function calls, so you could use the original PBKDF output and use that as input for the next PBKDF. In that case the user doesn't have to supply the password (this hint was taken from CodesInChaos on another question).
