[sql-Server]用什么数据类型来设置密码盐和哈希值以及长度是多少?
[英][Sql-Server]what data type to use for password salt and hash values and what length?
问题描述
I am generating salt and hash values from my passwords by using, 
我通过使用我的密码生成salt和hash值,
string salt = CreateSalt(TxtPassword.Text.Length);
string hash = CreatePasswordHash(TxtPassword.Text, salt);
private static string CreateSalt(int size)
{
//Generate a cryptographic random number.
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] buff = new byte[size];
rng.GetBytes(buff);
// Return a Base64 string representation of the random number.
return Convert.ToBase64String(buff);
}
private static string CreatePasswordHash(string pwd, string salt)
{
string saltAndPwd = String.Concat(pwd, salt);
string hashedPwd =
FormsAuthentication.HashPasswordForStoringInConfigFile(
saltAndPwd, "sha1");
return hashedPwd;
}
What datatype you would suggest for storing these values in sql server? 您建议在sql server中存储这些值的数据类型是什么? Any suggestion... 任何建议......
Salt: 9GsPWpFD 盐: 9GsPWpFD
Hash: E778AF0DC5F2953A00B35B35D80F6262CDBB8567 哈希: E778AF0DC5F2953A00B35B35D80F6262CDBB8567
2 个解决方案
解决方案1
8 已采纳 2010-05-19 05:24:11
ASPNET_DB says this - can't go wrong. ASPNET_DB说这个 - 不会出错。
Password nvarchar(128) NOT NULL,
PasswordSalt nvarchar(128) NOT NULL,
while 128 may seem like a lot, various types of encryption can result in larger strings than you started out with. 128可能看起来很多,各种类型的加密可能会导致比你开始时更大的字符串。 There is absolutely no reason not to follow the lead of the very smart people who have spend thousands of man hours developing the asp.net membership system. 绝对没有理由不跟随那些花费数千小时开发asp.net会员系统的聪明人的领导。
解决方案2
1 2010-05-19 05:40:45
我们将密码存储为二进制SHA512哈希
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.