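According to this site, https://msdn.microsoft.com/en-us/library/aa288534(v=vs.71).aspx, you use the System.Security.Cryptographic.RNGCryptoServiceProvider namespace and "perform the hashing in the Logon.aspx.cs or Logon.aspx.vb LogonButton_Click method".
That site is out of date, and although I think the technique with SHA512 is similar (not that I would use the specific MSDN example), my question is: why Logon.aspx.vb (in my case) rather than Register.aspx.vb? Otherwise a new user's password would be stored as plain text in MS Access (also in my case) at registration.
Or should the password be hashed/salted in both Register.aspx.vb and Logon.aspx.vb? If so, is the code used in the two files the same?
Additional comments:
As far as I understand, I need to use a random number generator to transform the plain-text password, so something like: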
    Imports System
    Imports System.Object
    Imports System.IO
    Imports System.Text
    Imports System.Security.Cryptography
    Imports System.Security.Cryptography.RandomNumberGenerator
    Imports System.Security.Cryptography.RNGCryptoServiceProvider

    ' A Shared Sub has to live inside a class; Program is only a wrapper name.
    Public Class Program
        ' Prints ten random 32-bit integers taken from the cryptographic RNG.
        Private Shared Sub Main()
            Using rng As New RNGCryptoServiceProvider()
                Dim data As Byte() = New Byte(3) {}
                For i As Integer = 0 To 9
                    rng.GetBytes(data)
                    Dim value As Integer = BitConverter.ToInt32(data, 0)
                    Console.WriteLine(value)
                Next
            End Using ' End Using disposes rng, so no separate Dispose call is needed
        End Sub
    End Class
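Then I need to use:

    ' Crypto is the helper class this snippet calls; the post does not show where it comes from.
    Public Shared Function SHA512(input As String) As String
        Dim returnValue As String
        returnValue = Crypto.SHA512(input)
        Return returnValue
    End Function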
Then:

    ' Hashes the password with the Crypto helper and returns the result.
    Public Shared Function HashPassword(password As String) As String
        Dim returnValue As String
        returnValue = Crypto.HashPassword(password)
        Return returnValue
    End Function
Followed by:

    ' Checks a supplied password against a previously stored hash.
    Public Shared Function VerifyHashedPassword(hashedPassword As String, password As String) As Boolean
        Dim returnValue As Boolean
        returnValue = Crypto.VerifyHashedPassword(hashedPassword, password)
        Return returnValue
    End Function
And finally:

    ' Generates a random salt of the requested length in bytes.
    Public Shared Function GenerateSalt(byteLength As Integer) As String
        Dim returnValue As String
        returnValue = Crypto.GenerateSalt(byteLength)
        Return returnValue
    End Function
This (once it is coded completely correctly) would go into Register.aspx.vb and then be referenced or called by Logon.aspx.vb?
Many thanks.