开发者

hash password in SQL Server (asp.net)

问答 作者:

Is this how hashed password stored in SQL Server should look like?

alt text http://img28.imageshack.us/img28/2545/88871034.gif

This is function I use to hash password (I found it in some tutorial)

public string 开发者_如何学GoEncryptPassword(string password)
{
    //we use codepage 1252 because that is what sql server uses
    byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password);
    byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes);
    return Encoding.GetEncoding(1252).GetString(hashBytes);
}

EDIT I tried to use sha-1 and now strings seem to look like as they are suppose to:

public string EncryptPassword(string password)
{
    return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1");
}

// example output: 39A43BDB7827112409EFED3473F804E9E01DB4A8

Result from the image above looks like broken string, but this sha-1 looks normal....

Will this be secure enough?

Your're close, but not quite there.

For a secure hash, you will need a salt value in another column. Second, try to stay away from MD5 as a hashing provider. It's not as secure as SHA-1 or SHA-2. SHA-1 is included in .NET just like MD5 is.

继续阅读:asp.nethashpasswordssqlsql-server

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9