堆栈内存溢出
  简体   繁体   English

如何离线存储密码

[英]How to store passwords offline

 原文  2010-09-19 18:56:44       c#/ security/ hash/ passwords/ windows-phone-7

问题描述

Although this is focused on Windows Phone 7, I guess the principle is universal. 尽管这是针对Windows Phone 7的,但我认为该原理是通用的。 I would like to have a password protected zone within my app. 我想在我的应用程序中设置一个受密码保护的区域。 However, my application is completely offline and so I will have to store credential details on the phone. 但是,我的应用程序完全脱机,因此我将必须在手机上存储凭据详细信息。 My initial idea is to store a hash of the password and the salt. 我最初的想法是存储密码和盐的哈希值。 Would this be the best way to go? 这是最好的方法吗? If so, should the hash and salt be stored in plain text, or is there a way to ensure that even they are encrypted? 如果是这样,则哈希和盐值应以纯文本格式存储,还是有办法确保甚至将其加密? I understand that having the entire scheme on the phone will eventually be cracked, but what would be the best way to raise the barrier? 我了解将整个方案应用到电话中最终会被破解,但是提高壁垒的最佳方法是什么? thanks for any suggestions 感谢您的任何建议

3 个解决方案

解决方案1
 2  2010-09-19 18:59:42

Personally, I would encrypt the passwords with a salt that is based on a unique ID of the device (and, if possible, some custom user input like a really short password [dog, cat, bob] - that kind of thing). 就我个人而言,我将根据设备的唯一ID(并且在可能的情况下,使用一些自定义用户输入,例如很短的密码[dog,cat,bob]-这样的东西),以盐加密密码。

Just a suggestion. 只是一个建议。 Please don't downvote it if you don't feel it's the best one. 如果您不认为它是最好的,请不要投票。

解决方案2
 1 已采纳  2010-09-20 08:55:22

Yes, you should be storing a hash of the password and the salt. 是的,您应该存储密码和盐的哈希值。 If you were uncomfortable storing these in plain text you could symmetrically encrypt these details also. 如果您不满意将其以纯文本格式存储,则还可以对称地加密这些详细信息。 But then you'd have to store the symmetrical key somewhere also. 但随后,您还必须将对称密钥存储在某个位置。

When deciding which approach to take, consider the value of what is being secured/protected and the time it will take to encrypt/decrypt (althoug I doubt this will be an issue in your circumstances.) 在决定采用哪种方法时,请考虑所保护/保护的内容的价值以及加密/解密所需的时间(尽管我怀疑这在您的情况下会成为问题。)

As you mentioned, it's also important to remember that security is a process and not something you can do once and forget about. 正如您提到的,记住安全是一个过程,而不是您一次可以忘记的事情,也是很重要的。 It's important to review security practices periodically and keep up to date with changes in best practices and breaches. 定期检查安全性做法并及时了解最佳做法和违规的变化非常重要。

That said, I do hope that the security of the date on the phone will be good for many months at least. 也就是说,我确实希望手机上日期的安全性至少可以维持几个月。

解决方案3
 -2  2010-09-19 19:08:17

我只需要存储MD5。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在数据库表中存储密码 - How to store passwords in a database table 如何离线存储RoamingSettings? - How to store RoamingSettings offline? 如何存储信息,例如加密的密码,但不存储在哈希中 - How to store information like passwords encrypted but not in hash 在 Windows 中安全地存储密码 - Store passwords securely in Windows 将密码存储在cookie中是否安全? - Is it secure to store passwords in cookies? 创建登录屏幕,WPF,如何存储用户名和密码 - Creating a Login Screen, WPF, how to store usernames and passwords 如何安全地保护我的离线Windows存储应用程序凭据? - How to securely protect my offline windows store app credentials? 如何离线存储信息。 C#,统一 - How to store information offline. C#, Unity 如何在 ASP.NET Core 3.1 中将密码存储到我的邮件功能 - How do I store passwords to my mailfunciton in ASP.NET Core 3.1 如何对用户密码进行哈希处理? - How to hash users passwords?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM