简单的ASP.NET密码哈希类麻烦
[英]Simple ASP.NET password hashing class troubles
问题描述
I am attempting to apply some security to a project I'm completing for college. 
我正在尝试对即将完成的大学项目应用某种安全性。 This security is somewhat glancing so I'm tempted to give up, save passwords as plaintext or converted to base64, and do something more user-obvious. 这种安全性在某种程度上是一目了然的,因此我很想放弃,将密码另存为纯文本或转换为base64,然后做一些更明显的用户操作。
Before I give up, I'm asking SO. 在我放弃之前,我要问。 This is my first attempt at asking anything here so please be gentle. 这是我第一次尝试在此处提出任何问题,因此请保持谨慎。
I decided that implementing this MSDN code wouldn't be too hard. 我认为实现此MSDN代码并不难。 http://msdn.microsoft.com/en-us/library/aa545602%28v=cs.70%29.aspx http://msdn.microsoft.com/zh-cn/library/aa545602%28v=cs.70%29.aspx
Turns out, it really is. 事实证明,确实如此。 I'm getting the error 我遇到了错误
System.FormatException: Input string was not in a correct format.
For code 对于代码
binarySaltValue[0] = byte.Parse( salt.Substring( 0, 2 ), System.Globalization.NumberStyles.HexNumber, CultureInfo.InvariantCulture.NumberFormat );
I'm going to be honest, I don't fully understand this code. 老实说,我不完全了解此代码。
- What is SaltValueSize supposed to be? SaltValueSize应该是什么? The provided code doesn't supply it, neither do any References. 提供的代码不提供它,也不提供任何引用。 Also it's capitalised, so is it an object? 还要大写,所以它是对象吗? Or a field in some object somewhere? 还是某个对象中某个字段的某个地方?
- The variable "hash" is not defined anywhere, so I just filled it with new MD5CryptoServiceProvider(). 变量“哈希”没有在任何地方定义,因此我只用新的MD5CryptoServiceProvider()填充了它。 Is this a mistake? 这是一个错误吗?
- If I'm reading it right, the string "salt" is supposed to hold binary, but it doesn't at runtime, it has garbled text, meanwhile the line everything crashed at is trying to parse binary from "salt"? 如果我没看错的话,字符串“ salt”应该保留二进制,但是在运行时却没有,它的文本乱码,同时所有崩溃的行都试图从“ salt”解析二进制? Why? 为什么?
If anyone can fix this or supply an idiot-proof asynchronous hashing class I'd appreciate it. 如果有人可以解决此问题或提供防白痴的异步哈希类,我将不胜感激。
( apologies for my random user name, I have no idea how that happened ) (对我的随机用户名表示歉意,我不知道这是怎么发生的)
1 个解决方案
解决方案1
1 已采纳 2013-11-13 21:16:51
Here's a basic method (no salt) to at least get you started. 这是至少可以帮助您入门的基本方法(无盐)。 It just "hashes" the string coming in. 它只是“哈希”输入的字符串。
private string GetHashedString(string _PW)
{
string _HashedPW = "";
SHA512 sha = new SHA512CryptoServiceProvider();
byte[] result;
StringBuilder strBuilder = new StringBuilder();
sha.ComputeHash(ASCIIEncoding.ASCII.GetBytes(_PW));
result = sha.Hash;
for (int i = 0; i < result.Length; i++)
{
strBuilder.Append(result[i].ToString("x2"));
}
_HashedPW = strBuilder.ToString();
return _HashedPW;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.