stackoom
  简体   繁体   中英

How to restrict the length of the encryption and salt?

 原文  2014-08-24 11:19:23       c#/ asp.net-mvc/ encryption

Question

I'm currently using the SimpleEncrypto NuGet package to encrypt my passwords, like so: 

var crypto = new SimpleCrypto.PBKDF2();
var encrypPass = crypto.Compute(user.Password);
var newUser = db.Users.Create();
newUser.PasswordSalt = crypto.Salt;

The trouble is the password and salt generated are about 100 characters, and I'm really just looking to keep it a lot shorter so it'll fit into a table in database. The user is only allowed to enter 20 characters max.

How to restrict the length of the encryption and salt?

1 answers

solution1
 0  2014-08-24 13:17:49

First, you are not encrypting but hashing. You can truncate hashes to any length you like. Of course, you risk more collisions the more you truncate the hash.

Just truncate the hash to 20 characters. 20 base64 characters should be enough strength for a password. That's 6*20=120 bits of entropy which is probably more than the password of almost all users has.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Getting Unique Salt for Encryption How to restrict length of cell in ListView? Encryption Salt Algo CryptSharp gives different encryption of password … How to get ride of this Vulnerable IV and salt in AES encryption Security of AES encryption with constant salt How to limit the maximmum length of the AES Encryption Password Restrict Characters used in Encryption How do i use random salt and random iv in aes encryption and decryption algorithm? How to authenticate user using column encryption of password as well as using password salt technique at business logic? Generating salt with specified bit length
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM