stackoom
  简体   繁体   中英

How can I store a hash in a SQL Server database using C#?

 原文  2012-02-12 21:23:16       c#/ .net/ sql-server/ hash

Question

I'm trying to make a website with a log on / log off feature and I plan on properly hashing and salting the password. The problem I'm facing, however, is how I'd go about storing the password in the database. I know that I need to store the hashed + salted password in the database (not in plain text or plain encrypted), but I don't know how to technically get around inserting the binary data into the database.

In my early attempts, the only way I could get the data in the database would be to have the binary data converted to a base64 string and inserted into the varchar password field, but something is telling me that's not the correct way to do it.

The password field in the database is currently a varchar but as I understand it, a hashed password is binary. So even if I changed the password field to a binary object, I still don't know how to actually insert it!

If I'm not making any sense please ask for clarification and I'll get back to you.

2 answers

solution1
 6  2012-02-12 21:33:59

In Microsoft SQL Server you can store binary data in columns having a binary data type (or varbinary if you need variable length data). You can use that for you hashed and salted passwords. If you use a 512 bit hash function and also want to use a 512 bit salt you need 2*512/8 = 128 bytes (eg binary(128) to store salt and hash.

Normally whatever API you use to read and write the database should assist you in reading and writing binary data. However, perhaps you want to use some SQL to directly insert a binary value into a table. You can use syntax like this: 

insert into MyTable values (0x123456789ABCDEF)

Not really an answer to your question, but if you struggle with implementing you own password feature you could consider using a prebuilt industrial strength component to avoid embarrasing errors in the future. ASP.NET has a membership provider for instance.

solution2
 5 ACCPTED  2012-02-12 21:37:54

No, a hashed password doesnt have to be stored in a varbinary field, you can encode it and store it in a varchar field. Base64 is a good alternative for encoding any kind of characters.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to store a checkbox value into sql server database using c# How can I see the data of a SQL server database in c#, and where it's store? How can I store long text data in embedded SQL Server CE database of C# application? How to store hash value from C# in SQL Server using sql query How can I check if I have an image from my SQL Server database or not using C# How can I create a view in a SQL Server database with C#? How can I get a list of tables in a SQL Server database along with the primary key using ONLY C#? How can I do hash and salt to manage secure credentials in C# with SQL Server 2008 How to store XML files in SQL database using C#? in which format i can Store Sound in Database using by C#
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM