I can store the password hash and a random salt. How do I verify the password? Verifying the salt in the database
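```vb
Imports System.Security.Cryptography
Imports System.Text

' Hash the password concatenated with the salt using SHA-512; returns Base64.
Public Function GetSaltedHash(pw As String, salt As String) As String
    Dim tmp As String = pw & salt
    Using hash As HashAlgorithm = New SHA512Managed()
        Dim saltyPW = Encoding.UTF8.GetBytes(tmp)
        Dim hBytes = hash.ComputeHash(saltyPW)
        Return Convert.ToBase64String(hBytes)
    End Using
End Function

' Generate a random salt from the cryptographic RNG; returns Base64.
Public Function CreateNewSalt(size As Integer) As String
    Using rng As New RNGCryptoServiceProvider
        ' VB array bounds are inclusive, so this allocates size + 1 bytes (minimum 8).
        Dim data(If(size < 7, 7, size)) As Byte
        rng.GetBytes(data)
        Return Convert.ToBase64String(data)
    End Using
End Function
```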
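Creating the password with a hash and a random salt

```vb
Const SaltSize As Integer = 31
Dim pw As String = txt_regpass.Text
Dim dbSalt = CreateNewSalt(SaltSize)
' Both dbSalt and dbHash are stored for the user.
Dim dbHash = GetSaltedHash(pw, dbSalt)
```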
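The answer the code came from explains how: run the password attempt through the same hashing mechanism and compare the result with the stored one. You don't verify the salt, but the PW hash - you will need to use the salt that was originally used to hash the saved PW. – Plutonix
Have you read this? http://stackoverflow.com/questions/1219899/where-do-you-store-your-salt-strings –
This password hashing code is very weak. At the very least you should use [Bcrypt](http://bcrypt.codeplex.com). – tadman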
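
The verification flow described in the comments above, as an added example that is not code from the original post: the login path re-derives the hash from the attempt using the stored salt and compares it with the stored hash in constant time. It swaps the single SHA-512 pass for PBKDF2 (`Rfc2898DeriveBytes`, built into .NET) instead of an external bcrypt library; the module name, function names, sizes and iteration count are assumptions of this example.

```vb
Imports System
Imports System.Security.Cryptography

Module PasswordVerifyExample
    ' Assumed parameters for this example, not values from the page.
    Const SaltBytes As Integer = 32
    Const HashBytes As Integer = 32
    Const Iterations As Integer = 100000

    ' Registration: returns (salt, hash) as Base64, the two values to store per user.
    Function CreateRecord(pw As String) As Tuple(Of String, String)
        Dim salt(SaltBytes - 1) As Byte
        Using rng = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        Return Tuple.Create(Convert.ToBase64String(salt), Derive(pw, salt))
    End Function

    ' PBKDF2-HMAC-SHA256 over the password with the given salt; returns Base64.
    Function Derive(pw As String, salt As Byte()) As String
        Using kdf As New Rfc2898DeriveBytes(pw, salt, Iterations, HashAlgorithmName.SHA256)
            Return Convert.ToBase64String(kdf.GetBytes(HashBytes))
        End Using
    End Function

    ' Login: re-derive with the STORED salt, then compare with the STORED hash.
    Function VerifyPassword(attempt As String, storedSalt As String, storedHash As String) As Boolean
        Dim expected = Convert.FromBase64String(storedHash)
        Dim actual = Convert.FromBase64String(Derive(attempt, Convert.FromBase64String(storedSalt)))
        ' Constant-time comparison: no early exit on the first differing byte.
        Dim diff As Integer = expected.Length Xor actual.Length
        For i = 0 To Math.Min(expected.Length, actual.Length) - 1
            diff = diff Or (expected(i) Xor actual(i))
        Next
        Return diff = 0
    End Function

    Sub Main()
        ' Constructed sample passwords; in the application the record comes from the database.
        Dim rec = CreateRecord("correct horse")
        Console.WriteLine(VerifyPassword("correct horse", rec.Item1, rec.Item2))
        Console.WriteLine(VerifyPassword("wrong guess", rec.Item1, rec.Item2))
    End Sub
End Module
```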