用户类上的身份安全标记是否减少了存储哈希盐的需要?
[英]Does the Identity `SecurityStamp` on a `User` class lessen the need to store the hash salt?
问题描述
I've always stored the password hash and salt for most of my authentication sub-systems, but I notice the default IdentityUser class only has a hash and a Security stamp field, but no salt value. 
我一直为大多数身份验证子系统存储密码哈希值和盐值,但是我注意到默认的IdentityUser类仅具有哈希值和Security戳字段,而没有盐值。
Has storing the salt value fallen by the wayside, and does SecurityStamp add any safety in this regard, or should be extend the user and add a HashSalt field? 存储的盐值已经下降了, SecurityStamp在这方面是否增加了任何安全性,还是应该扩展用户并添加HashSalt字段?
1 个解决方案
解决方案1
4 已采纳 2015-12-04 00:14:09
Identity stores password hash and salt in the same field in the database. Identity将密码哈希和盐存储在数据库的同一字段中。 Here is a good explanation how it works: https://stackoverflow.com/a/20622428/809357 这是一个很好的解释,它是如何工作的: https : //stackoverflow.com/a/20622428/809357
As for Security Stamp - it has nothing to do with password or a hash. 至于安全图章-与密码或哈希无关。 This only indicates if information about the user have been changed in the database and is compared to the values in auth-cookies. 这仅指示有关用户的信息是否已在数据库中更改,并且已与auth-cookies中的值进行比较。 Security Stamp is put into auth-cookie as a claim. 将安全戳记为auth-cookie的声明。 Password hash is never present on the cookie. 密码哈希永远不会出现在cookie上。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.