密码加密/解密
我有一个用户的SQL Server表,我想使密码进行加密,并使用asp.net保存在这个表中。我也希望用户可以得到忘记密码和编辑个人资料页,所以我需要解密以及密码。哪种算法或加密技术,我需要使用?
I have a users sql server table and I want to make password encrypted and saved in this table using asp.net. I also want that user can get the password on forgot password and edit profile page so I need to decrypt it as well. Which algorithm or encryption techniques do I need to use ?
请提示
不加密密码进入数据库 - 它哈希(使用盐)
Don't encrypt a password into the database - hash it (using a salt).
如果能够找回密码,是不是你真正需要的东西。你需要让人们重新登录。如果能够解密密码意味着你很可能是让人们知道你的用户的密码。
Being able to retrieve a password is not something you really need. You need to enable people to log back in. Being able to decrypt a password means you may well be allowing people to know the passwords of your users.
我建议您阅读关于建立一个安全的,你想知道的一切特洛伊亨特的密码重置功能。这是实现安全的密码策略的问题和解决方案进行全面的分析。
I suggest reading Everything you ever wanted to know about building a secure password reset feature by Troy Hunt. It is a full analysis of the problems and solutions for implementing a secure password strategy.