储存密码的最佳方法(无数据库或纯文本)?
[英]Best way to store password (no database or plain text)?
问题描述
Is there a way to store passwords securely in C# without the use of a database? 
有没有一种方法可以在不使用数据库的情况下将密码安全地存储在C#中? I want the application to not have to rely on a database, but I do not want to store the password in plain text. 我希望应用程序不必依赖数据库,但是我不想以纯文本形式存储密码。 For example, I currently do something like: 例如,我目前正在执行以下操作:
public static string username = "george";
public static string password = "password";
I'd like the easiest and securest way to store it otherwise. 我想要一种最简单,最安全的方式来存储它。 The application does not need a database for any other purpose, so I'm simply trying to avoid introducing a database for the purpose of storing only a single piece of information. 该应用程序不需要任何其他目的的数据库,因此我只是在尝试避免出于仅存储一条信息的目的而引入数据库。
1 个解决方案
解决方案1
1 2015-04-05 19:41:31
See SecureString , which gives you access to a variety of string manipulation while encrypting the data in memory to prevent local memory attacks. 请参阅SecureString ,它使您可以在加密内存中的数据时访问各种字符串操作,以防止本地内存攻击。
If you're interested in the persisting of passwords, it's common to hash and then save the password, and then locally perform the same hash when a login is attempted, comparing the hashed data instead of the raw text. 如果您对密码的持久性感兴趣,通常先进行哈希处理然后保存密码,然后在尝试登录时在本地执行相同的哈希处理,比较哈希数据而不是原始文本。 This way, An incorrect password is rejected, but the correct password will hash to the stored value. 这样,不正确的密码将被拒绝,但是正确的密码将哈希到存储的值。
As for storing the data, consider storing it as a setting . 至于存储数据,请考虑将其存储为设置 。
Note that cryptography and "how to store passwords safely" is a huge subject and something you should research. 请注意,密码学和“如何安全存储密码”是一个巨大的主题,您应该研究。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.