WebMatrix WebSecurity PasswordSalt

后端未结

关注

 2  2016

无人共我 2020-12-06 09:12

I am using WebMatrix and have built a website based on the \"StarterSite\". In this starter site you get a nice basic layout - including registration, login, forgot password

2条回答

自闭症患者 (楼主)

2020-12-06 10:09
The above answer gives the impression that there is no salting applied when using WebSecurity SimpleMembershipProvider.

That is not true. Indeed the database salt field is not used, however this does not indicate that there is no salt generated when hashing the password.

In WebSecuritys SimpleMembershipProvider the PBKDF2 algo is used, the random salt is generated by the StaticRandomNumberGenerator and stored in the password field with the hash:
```
byte[] outputBytes = new byte[1 + SALT_SIZE + PBKDF2_SUBKEY_LENGTH];
Buffer.BlockCopy(salt, 0, outputBytes, 1, SALT_SIZE); 
Buffer.BlockCopy(subkey, 0, outputBytes, 1 + SALT_SIZE, PBKDF2_SUBKEY_LENGTH);
return Convert.ToBase64String(outputBytes);
```
0 讨论(0)

查看其它2个回答
发布评论:

提交评论
- 加载中...