带盐的 MD5 哈希用于在 C# 中将密码保存在数据库中
您能否告诉我一些简单的算法,用于通过 MD5 哈希用户密码,但使用 salt 来提高可靠性。
现在我有这个:
private static string GenerateHash(string value)
{
var data = System.Text.Encoding.ASCII.GetBytes(value);
data = System.Security.Cryptography.MD5.Create().ComputeHash(data);
return Convert.ToBase64String(data);
}
Could you please advise me some easy algorithm for hashing user password by MD5, but with salt for increasing reliability.
Now I have this one:
private static string GenerateHash(string value)
{
var data = System.Text.Encoding.ASCII.GetBytes(value);
data = System.Security.Cryptography.MD5.Create().ComputeHash(data);
return Convert.ToBase64String(data);
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您可以使用 HMACMD5 类
: SHA-1、SHA256、SHA384、SHA512 和 RIPEMD160:
salt和password均应为字节数组。如果你有字符串,你必须先将它们转换为字节:
You can use the HMACMD5 class:
Works with SHA-1, SHA256, SHA384, SHA512 and RIPEMD160 as well:
Both
saltandpasswordare expected as byte arrays.If you have strings you'll have to convert them to bytes first:
除了上面提到的 HMACSHA1 类之外,如果您只需要一个快速加盐哈希,那么您已经完成了 95% 的工作:
真正的技巧是将盐存储在安全的位置,例如您的 machine.config。
In addition to the HMACSHA1 class mentioned above, if you just need a quick salted hash, then you're already 95% of the way there:
The real trick is storing the salt in a secure location, such as your machine.config.
微软已经为你完成了这项工作,但这需要一些挖掘。 安装 Web Service Extensions 3.0,并使用 Reflector 查看
Microsoft.Web.Services3.Security.Tokens.UsernameToken.ComputePasswordDigest函数。我想在这里发布该函数的源代码,但我不确定这样做是否合法。 如果有人能让我放心,我就会这么做。
Microsoft have done this work for you, but it takes a bit of digging. Install Web Service Extensions 3.0, and have a look at the
Microsoft.Web.Services3.Security.Tokens.UsernameToken.ComputePasswordDigestfunction with Reflector.I would like to post the source code to that function here, but I'm not sure if it's legal to do that. If anyone can reassure me then I will do so.