堆栈内存溢出
  简体   繁体   English

什么是用于在数据库中存储密码哈希或在网络上传输密码哈希的良好编码

[英]what is a good encoding to use for storing password hashes in DB or transferring them on a network

 原文  2010-12-16 22:17:25       c#/ .net/ encryption/ encoding/ cryptography

问题描述

we have a wcf authentication service and a .net c# CAB client. 我们有一个wcf身份验证服务和一个.net c#CAB客户端。 The service is responsible for saving and verifying user password hashes. 该服务负责保存和验证用户密码哈希。 It is also required that the hashes be stored in a readable format. 还要求散列以可读格式存储。 Also, we will need to send hashes from the client to the service for verification. 另外,我们需要将哈希从客户端发送到服务以进行验证。 So is using a Base64 encoding for storage and transfer a good choice? 那么使用Base64编码进行存储和传输是否是一个不错的选择? what are the advantages and disadvantages of using this versus other encoding? 与其他编码相比,使用此编码有什么优点和缺点?

3 个解决方案

解决方案1
 1 已采纳  2010-12-16 22:23:18

You need something that can encode arbitrary octets, not something that just encodes text (some bit patterns are invalid in UTF-16 for example). 您需要可以对任意八位位组进行编码的内容,而不是仅对文本进行编码的内容(例如,某些位模式在UTF-16中无效)。

So really two options to encode binary as text: 因此,实际上有两个选项可将二进制编码为文本:

  • Base 64 基数64
  • Hex 十六进制

As hex needs two text characters for each octet, while base64 needs about 1.3, the choice would be base64 unless there is some reason not to. 由于十六进制的每个八位字节需要两个文本字符,而base64大约需要1.3个字符,因此除非有某些原因,否则选择为base64。

解决方案2
 0  2010-12-16 22:21:43

Hash the password with SHA512 along with a unique per-user salt, then either Base64 encode or hex encode (each byte of the input becomes the 2-digit hex value of that byte). 使用SHA512将密码与唯一的按用户盐混合在一起,然后进行Base64编码或十六进制编码(输入的每个字节变为该字​​节的2位十六进制值)。

Hashes are 1-way functions. 哈希是1向函数。 Once it's hashed, you can never get the original password back. 一旦经过哈希处理,您将永远无法找回原始密码。 But that's fine since you only ever store the hashed password, so in order to check if someone entered their password correctly, you re-hash and compare the hashed versions. 但这很好,因为您只存储了哈希密码,所以为了检查是否有人正确输入了密码,您可以重新哈希并比较哈希版本。

解决方案3
 0  2010-12-16 22:26:44

Base64 is standard and well known way to encode binary data. Base64是编码二进制数据的标准且众所周知的方式。 It is good fit for your requirments. 非常适合您的要求。

If you need to send this value in Urls often using modified Base64 encoding ( http://en.wikipedia.org/wiki/Base64#URL_applications ) or Base32 may work better. 如果您经常需要使用经过修改的Base64编码( http://en.wikipedia.org/wiki/Base64#URL_applications )或Base32来在Urls中发送此值。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将密码的存储更改为 C# 表单中的哈希存储 - Changing Storage of Password to Storing of Hashes in C# Forms 将上载的文件存储在数据库中或将其存储在文件系统中是一个好习惯 - Which is good Practice storing a uploaded File in DB or storing it in Filesystem WCF-使用“ DataSet”通过NetTcpBinding传输数据是否很好? - WCF - Is that good to use “DataSet” for transferring data through NetTcpBinding 存储带有敏感数据的文档有哪些好的做法 - What are the good practise for storing document with sensitive data 使用.settings存储控件的文本数据是否很好? - Is it good to use .settings for storing controls' text data? 重现SqlMembershipProvider密码哈希值 - Reproduce SqlMembershipProvider Password Hashes 传输SQL 2008 DB - Transferring SQL 2008 DB 在会话或数据库中存储Viewstate的缺陷是什么 - what are the pitfalls of storing Viewstate in session or DB 在Android Keystore / iOS钥匙串中存储数据库密码-Xamarin - Storing a DB password in android keystore/ios keychain - xamarin 生成的密码哈希值后总是带有'==' - Generated password hashes are always followed by a '=='
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM