如何对密码进行哈希处理?
[英]How to hash a password?
4 个解决方案
解决方案1
10 2010-05-11 19:38:30
You should use bcrypt , which is more secure for passwords than SHA512. 
您应该使用bcrypt ,它比SHA512更为安全。
If you really need to use SHA512, you should use the SHA512Managed class , as other answers have mentioned. 如果确实需要使用SHA512,则应该使用SHA512Managed类 ,如其他答案所述。
Make sure to salt your hash. 确保对哈希值加盐。
解决方案2
10 已采纳 2010-05-11 19:39:35
Quite a simple process really: 确实是一个简单的过程:
byte[] data = Encoding.UTF8.GetBytes(stringPasswordForExample);
using(SHA512 sha512 = new SHA512Managed())
{
byte[] hash = sha512.ComputeHash(data); // Add Per User Salt as per the Below
}
hash now contains a non-reversable hash of the initial data that you wanted hashed. hash现在包含要哈希的初始数据的不可逆哈希。 Also, check out MSDN . 另外,请查看MSDN 。 A few notes: 一些注意事项:
- Always use a salt (the longer the better, and unique per user - Thanks Paul, good point.) 始终使用盐 (时间越长越好,并且每个用户唯一)-感谢Paul,很好。
- SHA2* generation (and SHA in general) hash methods are built for speed, so they are not insecure, but they are not the most secure. SHA2 *生成(通常为SHA)散列方法是为提高速度而构建的,因此它们并不是不安全的,但是它们并不是最安全的。 Look at bcrypt as well as SLaks has mentioned . 看看bcrypt以及SLaks 提到过的 。
解决方案3
7 2010-05-11 19:49:21
how to hash a password?
With a salt. 加盐。 Really. 真。
Never, ever do this: 永远不要做:
byte[] data = Encoding.UTF8.GetBytes(stringPasswordForExample);
But this: 但是这个:
byte[] data = Encoding.UTF8.GetBytes(stringPasswordForExample + salt);
This is one the most misunderstood "trick of the trade". 这是最被误解的“交易技巧”之一。 Most people don't know what a "salt" is and when you explain it to them, they think it's pointless. 大多数人不知道“盐”是什么,当您向他们解释时,他们认为这毫无意义。
Truth is: SHA-512 or MD5 or some very weak hash, once rainbow tables are precomputed, doesn't make any difference. 事实是:一旦预先计算了彩虹表,SHA-512或MD5或一些非常弱的哈希值就不会有任何区别。 SHA-65536, should it exist (I'm being facetious here), would be no better than any other hashing algorithm once rainbow tables are precomputed. SHA-65536(如果存在的话)(我在这里很滑稽)一旦预先计算了彩虹表,就不会比任何其他哈希算法好。
A big enough "salt" makes rainbow tables impossible: 足够大的“盐”使彩虹表不可能:
http://en.wikipedia.org/wiki/Rainbow_table http://en.wikipedia.org/wiki/彩虹表
Note that even if you understand fully how hashes, salt and rainbow tables relate (and hence understand why the Wikipedia article states: "A salt is often employed with hashed passwords to make this attack more difficult, often infeasible." ) there's a very high probability that your co-workers don't. 请注意,即使您完全了解哈希表,盐表和彩虹表之间的关系(并因此理解了Wikipedia文章为何如此说: “盐经常与哈希密码一起使用,使这种攻击更加困难,通常是不可行的。” )您的同事没有的可能性。 Just as it is very likely that most people up and downvoting in this thread don't understand this topic. 就像大多数人在此主题中上上下下的投票很可能都不了解此主题。
I've seen answers here on SO with 30 upvotes where someone who couldn't understand what a salt was kept up coming with techno-buzzwords to defend his position... And yet he had all these upvotes (too lazy to find the question but it was epic). 我在这里看到了30种支持方式的答案,其中有些人不明白为什么要用技术术语来捍卫他的立场而不断加盐……而他却拥有所有这些支持方式(太懒了以至于找不到问题但那是史诗般的)。
解决方案4
1 2010-05-11 19:37:02
C# example from that page: 该页面的C#示例:
byte[] data = new byte[DATA_SIZE];
byte[] result;
SHA512 shaM = new SHA512Managed();
result = shaM.ComputeHash(data);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.