在安全代码中需要不同的字符 [英] Require Different Characters in a Security Code
问题描述
示例安全代码:
a35sfj9ksdf
如何向用户询问其安全码中的几个字符(例如第一,第四和第九个),然后检查这些?主要的困难在于如何以加密形式存储密码 - 如果我要分别存储每个字符,那么加密将非常容易中断。
How can I ask a user for several characters (e.g. first, forth and ninth) of their security code and then check these? The main difficulty comes in how do I store the seucurity code in an encrypted form - if I were to store each character individually, then the encryption would be incredibly easy to break.
推荐答案
这种描述既不在这里也不在如何存储和验证从PIN /密码随机选择的数字是这样的:
A possibility that was described neither here nor at How to store and verify digits chosen at random from a PIN/Password is this:
- 创建一个与seucrity代码相同长度的随机盐(这里是
11) - 将盐与用户存放
- 对于安全代码的每个字符,将相应的char
替换为来自安全代码的char,并将其安全地哈希 - 将这些散列与用户
- Create a random salt of the same length as the seucrity code (here 11)
- Store the salt with the user
- for every char of the security code, replace the corresponding char of the salt with the char from the security code and hash it securely
- store these hashes with the user
现在,您必须存储长度为n的安全代码的可管理数量的n + 1个字段,并且仍然可以验证单个(位置,char)元组
Now you have to store the manageable quantity of n+1 fields for a security code of length n and can still verify single (position,char) tuples
这篇关于在安全代码中需要不同的字符的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!