开发者

Encrypting the password using salt in c# [closed]

开发者 https://www.devze.com 2023-04-01 16:45 出处:网络
It's difficult to tell what is being asked here. This question is 开发者_JAVA百科ambiguous, vague, incomplete, overly broad, or rhetorical andcannot be reasonably answered in its current form.
It's difficult to tell what is being asked here. This question is 开发者_JAVA百科ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center. Closed 11 years ago.

I searched for some code for doing that, but found some with pre defined salt. I want to auto generate the salt for each user and store the salt value in the table. Thanks I am new to programming please help


(As suggested, I've replaced my previous salt generation method with something that should be more secure)

To generate a random salt:

public static string GenerateRandomSalt(RNGCryptoServiceProvider rng, int size)
{
    var bytes = new Byte[size];
    rng.GetBytes(bytes);
    return Convert.ToBase64String(bytes);
}

var rng = new RNGCryptoServiceProvider();
var salt1 = GenerateRandomSalt(rng, 16);
var salt2 = GenerateRandomSalt(rng, 16);
// etc.

RNGCryptoServiceProvider is used to generate "cryptographically strong random values," making it more suitable for use here than the standard Random class. However you generate the salt, you can then append it to your password and hash using your algorithm of choice:

var salt = GenerateRandomSalt(rng, 16);
var hashedPassword = DoPasswordHashing(password + salt);

However, it's worth pointing out that doing user authentication correctly can be a more difficult problem than it seems. Eric Lippert wrote a series of blog articles about this several years ago: http://blogs.msdn.com/b/ericlippert/archive/2005/01/28/you-want-salt-with-that-part-one-security-vs-obscurity.aspx

0

精彩评论

暂无评论...
验证码 换一张
取 消