C＃密码加密 [英] C# Password Encryption

问题描述

我发现一些在线的代码对我正在努力做的相当不错。我需要一些加密密码的东西，将其保存到数据库中，轻松检索。以下代码几乎完成了我正在寻找的所有内容。

  string UserName = txtUser.Text; 
 string password = txtPass.Text; 
 
 string encrKey =keyvalue; 
 byte [] byteKey = {}; 
 byte [] IV = {25,47,60,88,99,106,125,139}; 
 byteKey = Encoding.UTF8.GetBytes（encrKey.Substring（0，8））; 
 DESCryptoServiceProvider des = new DESCryptoServiceProvider（）; 
 byte [] inputArray = Encoding.UTF8.GetBytes（password）; 
 
 MemoryStream ms = new MemoryStream（）; 
 CryptoStream cs = new CryptoStream（ms，des.CreateEncryptor（byteKey，IV），CryptoStreamMode.Write）; 
 cs.Write（inputArray，0，inputArray.Length）; 
 cs.FlushFinalBlock（）; 
 password = Convert.ToBase64String（ms.ToArray（））; 
 
 SqlCommand cmd = new SqlCommand（INSERT INTO USERS（UserName，Password）VALUES（@UserName，@Password），myConnection）; 
 cmd.CommandType = CommandType.Text; 
 
 cmd.Parameters.AddWithValue（@ UserName，UserName）; 
 cmd.Parameters.AddWithValue（@密码，密码）; 
 
 SqlDataReader rdr = cmd.ExecuteReader（）; 
  

我正在运行的问题是当密码为8个字符或更长时间时，代码错误。我得到这个错误：

System.Security.Cryptography.CryptographicException：指定的密钥对于该算法不是有效的大小。该错误是在Cryptostream行上生成的。

我需要为我的键使用其他类型吗？

解决方案

通常的做法是不要对数据库中的密码进行加密，而是将其加密。

当用户尝试登录时，您可以使用其输入的密码，将其哈希并与存储在数据库中的哈希进行比较。

行业标准散列算法是SHA-1，它在.NET中是可以使用的。

更高的安全性，您在散列中使用Salt。

您可以在这里阅读更多信息：盐渍您的密码：最佳做法？

I found some code online that works fairly well for what I am trying to do. I need something that will encrypt a password, save it to a database, and retrieve with ease. The below code does almost everything I am looking for.

        string UserName = txtUser.Text;
        string password = txtPass.Text;

        string encrKey = "keyvalue";
        byte[] byteKey = { };
        byte[] IV = {25, 47, 60, 88, 99, 106, 125, 139};
        byteKey = Encoding.UTF8.GetBytes(encrKey.Substring(0, 8));
        DESCryptoServiceProvider des = new DESCryptoServiceProvider();
        byte[] inputArray = Encoding.UTF8.GetBytes(password);

        MemoryStream ms = new MemoryStream();
        CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(byteKey, IV), CryptoStreamMode.Write);
        cs.Write(inputArray, 0, inputArray.Length);
        cs.FlushFinalBlock();
        password = Convert.ToBase64String(ms.ToArray());

        SqlCommand cmd = new SqlCommand("INSERT INTO USers (UserName, Password) VALUES (@UserName, @Password)", myConnection);
        cmd.CommandType = CommandType.Text;

        cmd.Parameters.AddWithValue("@UserName", UserName);
        cmd.Parameters.AddWithValue("@Password", password);

        SqlDataReader rdr = cmd.ExecuteReader();

The issue that I am running into is the code errors out when the password is 8 characters or longer. I get this error:

System.Security.Cryptography.CryptographicException: Specified key is not a valid size for this algorithm. The error is generated on the Cryptostream line.

Do I need to use a different type for my keys?

解决方案

The common practice is not to encrypt a password in the database but to hash it.
When the user attempts to login, you take his typed password, hash it and compare to the hash stored in your db.

The industry standard hashing algorithm is SHA-1, which is readly available in .NET.

For even greater security you use a "Salt" in your hashing.

You can read more about it here: Salting Your Password: Best Practices?

这篇关于C＃密码加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！