在旧版SQL Server数据库中加密密码字段的简单方法
[英]Simple way to Encrypt Password Field in Legacy SQL Server Database
问题描述
We have a legacy application that is storing the user's passwords down in the database unencrypted. 
我们有一个遗留应用程序,用于将用户密码存储在未加密的数据库中。 We've had a fair few customers come onboard now which encrypting this password is a big deal to them (fair enough). 我们现在有很多客户登机,加密这个密码对他们来说是个大问题(足够公平)。 Currently it's just a Nvarchar(100) field inside an SQL Server database table. 目前,它只是SQL Server数据库表中的Nvarchar(100)字段。
The situation is that we have multiple client applications accessing this database and validating against this password. 情况是我们有多个客户端应用程序访问此数据库并验证此密码。
Just wanting to get advice on how we can achieve encryption on this field in the database without having to rewrite all the client applications that read off of it? 只想获得有关如何在数据库中对此字段实现加密的建议,而无需重写所有读取它的客户端应用程序? It's not out of the question to change the client applications but we're trying to get away with this with as little fuss as possible. 改变客户端应用程序并不是不可能的,但我们正试图尽可能少地摆脱困境。
Any ideas? 有任何想法吗?
1 个解决方案
解决方案1
0 已采纳 2016-06-07 22:25:36
Do not do that , store salted, iterated HMACs of the passwords. 不要这样做 ,存储密码的盐渍,迭代HMAC。 Use something like Bcrypt, password_hash, PBKDF2 or similar. 使用像Bcrypt,password_hash,PBKDF2或类似的东西。
If the HMAC is not salted and iterated it is not sufficient. 如果HMAC没有被盐渍和迭代,那是不够的。 Simply hashing without salting leaves the hashed passwords open to rainbow table attacks. 简单地在没有盐析的情况下进行散列会使散列密码对彩虹表攻击开放。
Convert the existing passwords now . 现在转换现有密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.