在安全代码中需要不同的字符 [英] Require Different Characters in a Security Code

问题描述

示例安全代码：

a35sfj9ksdf

如何向用户询问其安全码中的几个字符（例如第一，第四和第九个），然后检查这些？主要的困难在于如何以加密形式存储密码 - 如果我要分别存储每个字符，那么加密将非常容易中断。

How can I ask a user for several characters (e.g. first, forth and ninth) of their security code and then check these? The main difficulty comes in how do I store the seucurity code in an encrypted form - if I were to store each character individually, then the encryption would be incredibly easy to break.

推荐答案

这种描述既不在这里也不在如何存储和验证从PIN /密码随机选择的数字是这样的：

A possibility that was described neither here nor at How to store and verify digits chosen at random from a PIN/Password is this:

• 创建一个与seucrity代码相同长度的随机盐（这里是
  11）


• 将盐与用户存放


• 对于安全代码的每个字符，将相应的char
  替换为来自安全代码的char，并将其安全地哈希


• 将这些散列与用户

• Create a random salt of the same length as the seucrity code (here 11)
• Store the salt with the user
• for every char of the security code, replace the corresponding char of the salt with the char from the security code and hash it securely
• store these hashes with the user

现在，您必须存储长度为n的安全代码的可管理数量的n + 1个字段，并且仍然可以验证单个（位置，char）元组

Now you have to store the manageable quantity of n+1 fields for a security code of length n and can still verify single (position,char) tuples

这篇关于在安全代码中需要不同的字符的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！