我在谷歌搜索过,不幸的是我找不到任何我想要的预期答案。
我已经下载了 BCrypt 的 .NET 实现
老实说,我通常用 PHP 语言编码,我不知道 .Net 之类的东西
问问题
3002 次
1 回答
1
我假设您已经拥有将用户哈希存储在某种用户配置文件表中的架构?
假设该表的格式如下:
PersonID int PrimaryKey
PersonName nvarchar(50)
PersonPasswordHash varchar(128)
PersonPasswordSalt nvarchar(10)
然后在您的 .net 代码(C# 中的示例)中,您将在创建新用户时继续执行以下操作
string passwordPlain = txtPassword.Text; // This is the password entered by the user
/* a work factor of 10 is default, but you can mention any thing from 4 to 31.
But keep in mind that for every increment in work factor the work increases
twice (its 2**log_rounds)
*/
string passwordSalt = BCrypt.GenerateSalt(10);
string passwordHash = BCrypt.HashPassword(passwordPlain, passwordSalt);
// Now store the passwordHash and passwordSalt in the database for that user
获得上述值后,将适当的值存储在数据库中。
当需要验证登录时,从数据库中检索有关passwordHash和的详细信息passwordSalt,您可以进行如下验证:
string originalPasswordSalt; // retrieve its value from the DB
string originalPasswordHash; // retrieve its value from the DB
string givenPasswordPlain = txtPassword.Text; // given by the user during login
string givenPasswordHash = BCrypt.HashPassword(givenPasswordPlain, originalPasswordSalt);
if(givenPasswordHash.Equals(originalPasswordHash)) { // you have an valid user
} else { // given login name or password is not valid
}
于 2013-02-20T06:49:38.853 回答