System.Web.Helpers.Crypto - Where's the salt?

面向向阳花 2021-02-01 03:21

In the past when dealing with passwords I've always stored a salt and a hashed password separately in my data store. Today I was looking to update some legacy code to use an RFC

2 answers
  •  無奈伤痛
    2021-02-01 03:24

    Answer

    All passwords need to be salted in order to hash them securely. In this case, however, you are correct. System.Web.Helpers.Crypto takes care of creating a salt for you. You don't need to create one. It is stored in the string returned by Crypto.HashPassword().

    Example

    All you need to do is something like this.

    using System.Web.Helpers;
    
    public void SavePassword(string unhashedPassword)
    {
        string hashedPassword = Crypto.HashPassword(unhashedPassword);
        //Save hashedPassword somewhere that you can retrieve it again.
        //Don't save unhashedPassword! Just let it go.
    }
    
    public bool CheckPassword(string unhashedPassword)
    {
        // GetSavedHashedPassword() is a hypothetical helper: get hashedPassword from where you saved it
        string savedHashedPassword = GetSavedHashedPassword();
    
        return Crypto.VerifyHashedPassword(savedHashedPassword, unhashedPassword);
    }
    

    More Information

    • If you would like to see the source code for the Crypto class you can view it here.
    • And here is a good blog on the class and some of the ideas behind it.
