问题描述
我查找了有关如何执行此操作的 msdn 和其他资源,但没有找到明确的解决方案.这是我找到的最好的 http://blogs.msdn.com/b/shawnfa/archive/2004/04/14/generating-a-key-from-a-password.aspx?Redirected=true
I looked up msdn and other resources on how to do this but i came up with no clear solutions. This is the best i found http://blogs.msdn.com/b/shawnfa/archive/2004/04/14/generating-a-key-from-a-password.aspx?Redirected=true
我想在 C# 中使用 bcrypt 或 PBKDF2(这似乎与 bcrypt 相关)对密码进行哈希处理.我喜欢试验我的计算机需要多少轮来散列密码.然而,当每个人都在谈论散列时,一切似乎都是关于加密的.我想不通.我如何散列密码?它看起来更像 PBKDF2 (Rfc2898?) 是一个随机数生成器,我使用 GetBytes(amount) 来选择我的哈希大小.
I would like to hash passwords in C# using either bcrypt or PBKDF2 (which appears to be bcrypt related). I like to experiment with how many rounds it takes for my computer to hash a password. However everything seems to be about encrypting while everyone talks about hashing. I can't figure it out. How do i hash a password? It looks more like PBKDF2 (Rfc2898?) is a random number generator and i use GetBytes(amount) to choose how big my hash size is.
我很困惑.我如何使用 bcrypt/PBKDF 对密码进行哈希处理?
I'm confused. How exactly do i hash a password with bcrypt/PBKDF?
推荐答案
PBKDF2
其实你们真的很亲近.您提供的链接向您展示了如何调用 Rfc2898DeriveBytes 函数获取 PBKDF2 哈希结果.但是,您对示例使用派生密钥进行加密这一事实感到困惑(PBKDF1 和 2 的最初动机是创建适合用作加密密钥的密钥"派生函数).当然,我们不想将输出用作加密,而是将其用作哈希.
PBKDF2
You were really close actually. The link you have given shows you how you can call the Rfc2898DeriveBytes function to get PBKDF2 hash results. However, you were thrown off by the fact that the example was using the derived key for encryption purposes (the original motivation for PBKDF1 and 2 was to create "key" derivation functions suitable for using as encryption keys). Of course, we don't want to use the output for encryption but as a hash on its own.
你可以试试 SimpleCrypto.Net 如果您想要 PBKDF2,则正是为此目的而编写的库.如果您查看实现,您可以看到它实际上只是一个薄包装(你猜对了)Rfc2898DeriveBytes.
You can try the SimpleCrypto.Net library written for exactly this purpose if you want PBKDF2. If you look at the implementation, you can see that it is actually just a thin wrapper around (you guessed it) Rfc2898DeriveBytes.
如果您想试验一下,可以尝试名为(还有什么)BCrypt.NET 的 C# 实现这个变种.
You can try the C# implementation named (what else) BCrypt.NET if you want to experiment with this variant.
免责声明:我没有使用或测试过我链接到的任何库... YMMV
Disclaimer: I have not used or tested any of the libraries that I have linked to... YMMV
这篇关于C#中的哈希密码?Bcrypt/PBKDF2的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!