3

我在谷歌搜索过,不幸的是我找不到任何我想要的预期答案。

我已经下载了 BCrypt 的 .NET 实现

老实说,我通常用 PHP 语言编码,我不知道 .Net 之类的东西

4

1 回答 1

1

我假设您已经拥有将用户哈希存储在某种用户配置文件表中的架构?

假设该表的格式如下:

PersonID           int PrimaryKey
PersonName         nvarchar(50)
PersonPasswordHash varchar(128)
PersonPasswordSalt nvarchar(10)

然后在您的 .net 代码(C# 中的示例)中,您将在创建新用户时继续执行以下操作

string passwordPlain = txtPassword.Text; // This is the password entered by the user

/* a work factor of 10 is default, but you can mention any thing from 4 to 31. 
   But keep in mind that for every increment in work factor the work increases 
   twice (its 2**log_rounds)
*/
string passwordSalt = BCrypt.GenerateSalt(10);
string passwordHash = BCrypt.HashPassword(passwordPlain, passwordSalt);

// Now store the passwordHash and passwordSalt in the database for that user

获得上述值后,将适当的值存储在数据库中。

当需要验证登录时,从数据库中检索有关passwordHash和的详细信息passwordSalt,您可以进行如下验证:

string originalPasswordSalt; // retrieve its value from the DB
string originalPasswordHash; // retrieve its value from the DB
string givenPasswordPlain = txtPassword.Text; // given by the user during login
string givenPasswordHash = BCrypt.HashPassword(givenPasswordPlain, originalPasswordSalt);

if(givenPasswordHash.Equals(originalPasswordHash)) { // you have an valid user
} else { // given login name or password is not valid
}
于 2013-02-20T06:49:38.853 回答