How can `string.Empty` be hashed?

For some reason this doesn't make sense to me. How is an empty string hashed when there are no `char`s in the string to hash?

What I'm talking about would look like this:

```csharp
System.Web.Helpers.Crypto.HashPassword(string.Empty);
```

How is this possible?

From the MSDN:

> The password hash is generated with the RFC 2898 algorithm using a 128-bit salt, a 256-bit subkey, and 1000 iterations. The format of the generated hash bytestream is {0x00, salt, subkey}, which is base-64 encoded before it is returned.

First you need to understand how RFC 2898 works. In a nutshell it combines the salt with the passed-in password, hashes it a number of times, and produces a bytestream that you can read out as many bytes as you want.

Using the above quoted documentation we see that it picks a random salt that is 128 bits large, uses 1000 hashes, and pulls 256 bits out of the stream at the end.

So we can get chars out because RFC 2898 allows you to take as many bytes as you want from the output of the function; it is not a fixed output. We also get a different output if we call `Crypto.HashPassword(string.Empty);` twice because it chooses a new random salt every time we call the function.
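The format quoted from MSDN above, rebuilt in Python as an added example (not code from the original post or from `System.Web.Helpers`), showing that an empty password still yields a full 256-bit subkey and that two calls differ only because of the salt. The function names are hypothetical, and HMAC-SHA1 as the PRF is an assumption, since the page does not name it.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SALT_LEN = 16      # 128-bit salt, as quoted from MSDN
SUBKEY_LEN = 32    # 256-bit subkey
ITERATIONS = 1000
PRF = "sha1"       # assumption: the page does not name the PRF


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2 (RFC 2898): HMAC keyed with the password, even a zero-length one,
    # run over the salt and iterated; dklen picks how many bytes to read out.
    return hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt,
                               ITERATIONS, dklen=SUBKEY_LEN)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return base64({0x00, salt, subkey}); a fresh random salt by default."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be 16 bytes")
    blob = b"\x00" + salt + _derive(password, salt)
    return base64.b64encode(blob).decode("ascii")


def verify_password(encoded: str, password: str) -> bool:
    """Re-derive the subkey with the stored salt and compare in constant time."""
    try:
        raw = base64.b64decode(encoded, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) != 1 + SALT_LEN + SUBKEY_LEN or raw[0] != 0x00:
        return False
    salt, stored = raw[1:1 + SALT_LEN], raw[1 + SALT_LEN:]
    return hmac.compare_digest(_derive(password, salt), stored)


if __name__ == "__main__":
    first, second = hash_password(""), hash_password("")
    print(first)
    print(second)  # differs from the first line: new random salt
    print(first != second, verify_password(first, ""), verify_password(first, "x"))
```

Because the salt is stored in the output, an empty password hashes to a value that looks like any other; rejecting empty or weak passwords has to happen before hashing.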
