What would be the best way to implement SHA512 into my code?

Question

So I need to store passwords in a SQL database and it would be insecure to store them in plain text. For a variety of reasons, I chose SHA512 to hash the passwords prior to storage. I, for the life of me, cannot identify how to take data from a Secure string gained from user input, and hash it using SHA512 (which also means I haven't been able to look into salting it either).

I have seen online that you call a new instance of SHA512 but that it has to be managed (?) but when I try it shows that it is obsolete. Looking further, the wise internet suggested the create method of SHA512... which is also obsolete.

Any help into how I can hash and salt a secure string would be great.

Answer 1

Score: 1

Here is a basic hash and salt method using SHA512 and a random salt prepended to the hash.

    using System;
    using System.Linq;
    using System.Security.Cryptography;
    using System.Text;

    private static string HashAndSalt(string plaintext)
    {
        var chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";

        using var hasher = SHA512.Create();

        // Salt characters come from the CSPRNG; System.Random is predictable
        // and must not be used for security-sensitive values.
        var salt = new string(Enumerable.Repeat(chars, 8)
            .Select(s => s[RandomNumberGenerator.GetInt32(s.Length)]).ToArray());

        // The salt has to be part of the hashed input; otherwise the stored digest
        // is just an unsalted SHA512 and precomputed tables still apply.
        var ciphertextBytes = hasher.ComputeHash(Encoding.UTF8.GetBytes(salt + plaintext));
        var ciphertextB64 = Convert.ToBase64String(ciphertextBytes);

        // Keep the salt next to the digest so it is available at verification time.
        var ciphertext = salt + ':' + ciphertextB64;

        return ciphertext;
    }

You will need to convert your `SecureString` to a normal `string`. Using a `SecureString` is obsolete and should not be used anymore. As the comments mentioned, you should look into a dedicated password hashing algorithm such as:

 - PBKDF2
 - Argon2
 - Bcrypt
 - Scrypt

Here is an example using `Bcrypt` - it is not too complicated.

First, grab this NuGet package: `BCrypt.Net-Next`

    private static string BcryptHash(string plaintext)
    {
        // Work factor 12 means 2^12 rounds; raise it as hardware gets faster.
        var ciphertext = BCrypt.Net.BCrypt.HashPassword(plaintext, 12);
        return ciphertext;
    }

You can't, however, compare the hashes when a user tries to authenticate as you can with SHA512. You need to use Bcrypt's `Verify` function.

    // hashedPassword is the value previously returned by BcryptHash and stored in the database.
    private static bool BcryptVerify(string plaintext, string hashedPassword)
    {
        return BCrypt.Net.BCrypt.Verify(plaintext, hashedPassword);
    }

where `plaintext` is the password you receive from user input and `hashedPassword` is the hash you retrieved from the database where the initial ciphertext was stored.

Hope this helps.
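As an added example that is not part of the original answer, here is the PBKDF2 option from the answer's list implemented with the APIs built into .NET 6+ (`Rfc2898DeriveBytes.Pbkdf2`, `RandomNumberGenerator`, `CryptographicOperations`), so it needs no NuGet package, and it also takes the `SecureString` input the question asks about without first copying the password into a managed `string`. The iteration count, salt size and the `scheme$iterations$salt$hash` record layout are my assumptions for illustration, not anything from the original post; the `210_000` figure is OWASP's published minimum for PBKDF2-HMAC-SHA512 at the time of writing and should be tuned to your own hardware budget.

```csharp
// Added example, not from the original answer. Targets .NET 6 or later.
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using System.Text;

public static class PasswordHasher
{
    private const int SaltSize = 16;              // 128-bit random salt per password
    private const int KeySize = 64;               // 512-bit output, same length as SHA-512
    private const int Iterations = 210_000;       // assumption: OWASP minimum for PBKDF2-HMAC-SHA512, tune per deployment
    private const string Scheme = "pbkdf2-sha512";
    private static readonly HashAlgorithmName Prf = HashAlgorithmName.SHA512;

    // Assumed record layout (not a standard): scheme$iterations$salt$hash, binary fields Base64.
    // Storing the parameters in the record lets Iterations be raised later while
    // records written with the old value still verify.
    private static string Format(byte[] salt, byte[] key) =>
        $"{Scheme}${Iterations}${Convert.ToBase64String(salt)}${Convert.ToBase64String(key)}";

    public static string Hash(string password)
    {
        var salt = RandomNumberGenerator.GetBytes(SaltSize);
        var key = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, Prf, KeySize);
        return Format(salt, key);
    }

    // For the question's SecureString input: decrypt it into a byte buffer that is
    // zeroed afterwards rather than into a managed string, which cannot be reliably
    // wiped. The string overload of Pbkdf2 encodes the password as UTF-8, so this
    // produces a record that Verify(string, string) accepts for the same password.
    public static string Hash(SecureString password)
    {
        IntPtr bstr = IntPtr.Zero;
        byte[] utf16 = Array.Empty<byte>();
        byte[] utf8 = Array.Empty<byte>();
        try
        {
            bstr = Marshal.SecureStringToBSTR(password);
            utf16 = new byte[password.Length * 2];           // BSTR payload is UTF-16
            Marshal.Copy(bstr, utf16, 0, utf16.Length);
            utf8 = Encoding.Convert(Encoding.Unicode, Encoding.UTF8, utf16);

            var salt = RandomNumberGenerator.GetBytes(SaltSize);
            var key = Rfc2898DeriveBytes.Pbkdf2(utf8, salt, Iterations, Prf, KeySize);
            return Format(salt, key);
        }
        finally
        {
            if (bstr != IntPtr.Zero) Marshal.ZeroFreeBSTR(bstr);  // zero then free the unmanaged copy
            CryptographicOperations.ZeroMemory(utf16);
            CryptographicOperations.ZeroMemory(utf8);
        }
    }

    public static bool Verify(string password, string stored)
    {
        var parts = stored.Split('$');
        if (parts.Length != 4 || parts[0] != Scheme) return false;
        if (!int.TryParse(parts[1], out var iterations) || iterations < 1) return false;

        byte[] salt, expected;
        try
        {
            salt = Convert.FromBase64String(parts[2]);
            expected = Convert.FromBase64String(parts[3]);
        }
        catch (FormatException)
        {
            return false;                                      // malformed record fails closed
        }

        // Re-derive with the record's own salt and iteration count, then compare in
        // constant time: == on strings or arrays stops at the first differing byte
        // and leaks how much of the digest matched.
        var actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, Prf, expected.Length);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    public static void Main()
    {
        // Constructed sample input; a real application reads this from the login form.
        var record = Hash("correct horse battery staple");
        Console.WriteLine(record);
        Console.WriteLine(Verify("correct horse battery staple", record));   // same password
        Console.WriteLine(Verify("Correct horse battery staple", record));   // differs in case only
        Console.WriteLine(Verify("correct horse battery staple", "garbage")); // malformed record
    }
}
```

Two design points worth keeping even if you switch algorithms: the verifier reads salt and iteration count from the stored record rather than from constants, so a later increase in `Iterations` does not invalidate existing users, and the comparison goes through `CryptographicOperations.FixedTimeEquals` rather than `==`. If you can take a dependency, Argon2id is the stronger choice from the answer's list, but .NET has no built-in implementation of it, which is why this example uses PBKDF2.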



huangapple
  • Posted on 2023-02-16 17:34:30
  • Please keep this link when reposting: https://go.coder-hub.com/75470292.html