发表新帖
发表新帖

MD5 hash with salt for keeping password in DB in C#

前端 未结
关注
4 1684
一向
一向 2020-11-27 03:59

Could you please advise me some easy algorithm for hashing user password by MD5, but with salt for increasing reliability.

Now I have this one:

相关标签:
4条回答
  • 眼角桃花
    2020-11-27 04:30

    In addition to the HMACSHA1 class mentioned above, if you just need a quick salted hash, then you're already 95% of the way there:

    private static string GenerateHash(string value, string salt)
{
    byte[] data = System.Text.Encoding.ASCII.GetBytes(salt + value);
    data = System.Security.Cryptography.MD5.Create().ComputeHash(data);
    return Convert.ToBase64String(data);
}

    The real trick is storing the salt in a secure location, such as your machine.config.

    0 讨论(0)
  • 夕颜
    2020-11-27 04:31

    You can use the HMACMD5 class:

    var hmacMD5 = new HMACMD5(salt);
var saltedHash = hmacMD5.ComputeHash(password);

    Works with SHA-1, SHA256, SHA384, SHA512 and RIPEMD160 as well:

    var hmacSHA1 = new HMACSHA1(salt);
var saltedHash = hmacSHA1.ComputeHash(password);

    Both salt and password are expected as byte arrays.

    If you have strings you'll have to convert them to bytes first:

    var salt = System.Text.Encoding.UTF8.GetBytes("my salt");
var password = System.Text.Encoding.UTF8.GetBytes("my password");
    0 讨论(0)
  • 北荒
    2020-11-27 04:31

    Microsoft have done this work for you, but it takes a bit of digging. Install Web Service Extensions 3.0, and have a look at the Microsoft.Web.Services3.Security.Tokens.UsernameToken.ComputePasswordDigest function with Reflector.

    I would like to post the source code to that function here, but I'm not sure if it's legal to do that. If anyone can reassure me then I will do so.

    0 讨论(0)
  • 天涯浪人
    2020-11-27 04:37

    Here's a sample. It handles MD5, SHA1, SHA256, SHA384, and SHA512.

    0 讨论(0)
 看不清?
提交回复
热议问题