MVC 3 Crypto Helper——这会增加额外的保护以使密码更安全吗?
A
string salt = Crypto.GenerateSalt();
string saltAndPwd = String.Concat(originalPassword, salt);
string hashedPwd = Crypto.HashPassword(saltAndPwd);
B
string hashedPwd = Crypto.HashPassword(originalPassword);
请问方法A和方法B哪个更安全?或者哪个是正确的方法?使用反射器,我发现这是核心中的哈希密码方法:
public static string HashPassword(string password)
{
if (password == null)
{
throw new ArgumentNullException("password");
}
return HashWithSalt(password, GenerateSaltInternal(0x10));
}
A
string salt = Crypto.GenerateSalt();
string saltAndPwd = String.Concat(originalPassword, salt);
string hashedPwd = Crypto.HashPassword(saltAndPwd);
B
string hashedPwd = Crypto.HashPassword(originalPassword);
May i know Method A and Method B, which is more secure ? or which is the correct approach ? with reflector, i found this is the hash password method in the core :
public static string HashPassword(string password)
{
if (password == null)
{
throw new ArgumentNullException("password");
}
return HashWithSalt(password, GenerateSaltInternal(0x10));
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
由于使用盐的主要目的是击败彩虹表,因此在
HashPassword已经做的事情上添加额外的盐似乎不会给你带来太多好处,只会产生额外的开销(因为你有存储您自己生成的盐,HashPassword将其构建到返回值中)。作为参考,HashPassword的作用如下:因此,简而言之,框架中的内容对于任何“足够好”的合理定义来说已经足够好了。
As the main purpose of using a salt is to defeat rainbow tables, adding additional salt to what
HashPasswordalready does doesn't seem like it will gain you much benefit, and only incur additional overhead (as you have to store the salt you generate yourself.HashPasswordbuilds it into the returned value). For reference, this is whatHashPassworddoes:So, in short, what's in the framework already is good enough for any reasonable definition of good enough.