[英]Does the Identity `SecurityStamp` on a `User` class lessen the need to store the hash salt?
I've always stored the password hash and salt for most of my authentication sub-systems, but I notice the default IdentityUser
class only has a hash and a Security
stamp field, but no salt value. 我一直为大多数身份验证子系统存储密码哈希值和盐值,但是我注意到默认的IdentityUser
类仅具有哈希值和Security
戳字段,而没有盐值。
Has storing the salt value fallen by the wayside, and does SecurityStamp
add any safety in this regard, or should be extend the user and add a HashSalt
field? 存储的盐值已经下降了, SecurityStamp
在这方面是否增加了任何安全性,还是应该扩展用户并添加HashSalt
字段?
Identity stores password hash and salt in the same field in the database. Identity将密码哈希和盐存储在数据库的同一字段中。 Here is a good explanation how it works: https://stackoverflow.com/a/20622428/809357 这是一个很好的解释,它是如何工作的: https : //stackoverflow.com/a/20622428/809357
As for Security Stamp - it has nothing to do with password or a hash. 至于安全图章-与密码或哈希无关。 This only indicates if information about the user have been changed in the database and is compared to the values in auth-cookies. 这仅指示有关用户的信息是否已在数据库中更改,并且已与auth-cookies中的值进行比较。 Security Stamp is put into auth-cookie as a claim. 将安全戳记为auth-cookie的声明。 Password hash is never present on the cookie. 密码哈希永远不会出现在cookie上。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.