爲了改進我的代碼,我正在尋找在.NET中創建和比較鹽漬密碼的最佳方法。在.NET中創建和比較鹽漬密碼的最簡單方法是什麼?
有沒有更好的或更安全的方法呢?
我當前的代碼如下:
public static string CreateSaltedPassword(string salt, string password)
{
SHA1CryptoServiceProvider SHA1 = null;
SHA1 = new SHA1CryptoServiceProvider();
// Convert the string into an array of bytes
byte[] byteValue = System.Text.Encoding.UTF8.GetBytes(salt + password);
// Compute the hash value
byte[] byteHash = SHA1.ComputeHash(byteValue);
// Dispose the unmanaged cryptographic object
SHA1.Clear();
return Convert.ToBase64String(byteHash);
}
public static bool ComparePasswords(string salt, string password, string storedPassword)
{
string passwordHash = string.Empty;
// Create the hashed password
passwordHash = PasswordProvider.CreateSaltedPassword(
salt, password);
// Compare the passwords
return (string.Compare(storedPassword, passwordHash) == 0);
}
您應該在每次執行的迭代中添加一些信息,因爲僅重複哈希函數N次會稍微增加碰撞風險。請參閱http://en.wikipedia.org/wiki/Key_strengthening#Hash_based_key_stretching – ollb 2012-02-10 19:30:44