如何限制加密和加盐的长度?
[英]How to restrict the length of the encryption and salt?
问题描述
I'm currently using the SimpleEncrypto NuGet package to encrypt my passwords, like so: 
我目前正在使用SimpleEncrypto NuGet包来加密我的密码,如下所示:
var crypto = new SimpleCrypto.PBKDF2();
var encrypPass = crypto.Compute(user.Password);
var newUser = db.Users.Create();
newUser.PasswordSalt = crypto.Salt;
The trouble is the password and salt generated are about 100 characters, and I'm really just looking to keep it a lot shorter so it'll fit into a table in database. 麻烦的是密码和生成的盐大约100个字符,我真的只是想让它更短一些,以使其适合数据库中的表。 The user is only allowed to enter 20 characters max. 用户最多只能输入20个字符。
How to restrict the length of the encryption and salt? 如何限制加密和加盐的长度?
1 个解决方案
解决方案1
0 2014-08-24 13:17:49
First, you are not encrypting but hashing. 首先,您不是加密而是哈希。 You can truncate hashes to any length you like. 您可以将哈希表截短为任意长度。 Of course, you risk more collisions the more you truncate the hash. 当然,截断哈希值越多,冲突的风险就越大。
Just truncate the hash to 20 characters. 只需将哈希表截断为20个字符即可。 20 base64 characters should be enough strength for a password. 20个base64字符应该足以构成密码。 That's 6*20=120 bits of entropy which is probably more than the password of almost all users has. 这是6*20=120位的熵,可能比几乎所有用户的密码都多。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.