在数据库中存储 SHA512 密码哈希值
在我的 ASP.NET Web 应用程序中,我使用 SHA512 对用户密码进行哈希处理。
尽管进行了很多搜索和谷歌搜索,但我不清楚应该如何将它们存储在数据库中(SQL2005) - 下面的代码显示了我如何将哈希创建为字符串的基础知识,并且我当前将其插入到将数据库写入 Char(88) 列,因为这似乎是一致创建的长度
将其保存为字符串是最好的方法,如果是这样,它在 SHA512 上将始终是 88 个字符(正如我在 上看到的一些奇怪的东西)谷歌)?
Dim byteInput As Byte() = Encoding.UTF8.GetBytes(sSalt & sInput)
Dim hash As HashAlgorithm = New SHA512Managed()
Dim sInsertToDatabase As String = Convert.ToBase64String(hash.ComputeHash(byteInput))
In my ASP.NET web app I'm hashing my user passwords with SHA512.
Despite much SO'ing and Googling I'm unclear how I should be storing them in the database (SQL2005) - the code below shows the basics of how I'm creating the hash as a string and I'm currently inserting it into the database into a Char(88) column as that seems to be the length created consistently
Is holding it as a String the best way to do it, if so will it always be 88 chars on a SHA512 (as I have seen some bizarre stuff on Google)?
Dim byteInput As Byte() = Encoding.UTF8.GetBytes(sSalt & sInput)
Dim hash As HashAlgorithm = New SHA512Managed()
Dim sInsertToDatabase As String = Convert.ToBase64String(hash.ComputeHash(byteInput))
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
SHA512 输出 512 位,即 64 字节。如果您愿意,可以将这 64 个字节存储在二进制列中。
如果您想在应用程序外部处理哈希,则存储 Base64 字符串会更方便,就像您现在所做的那样。 Base64 大约增加了 33% 的恒定开销,因此您可以预期字符串始终为 88 个字符。
也就是说,ASP.NET 有一个内置的相当全面的身份验证系统,你应该使用。
SHA512 outputs 512 bits, or 64 bytes. You can store those 64 bytes in a binary column, if you so wished.
If you want to handle the hash outside your application is more comfortable to store a Base64 string, as you are doing now. Base64 adds roughly a 33% of constant overhead, so you can expect the string to be always 88 chars.
That said, ASP.NET has a fairly comprehensive authentication system builtin, which you should use.