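While reading through an open-source project, I came across its password-handling code.
At first, passwords were usually stored as password -> MD5. Later it turned out that MD5 hashes can be matched against databases of known hashes, and I then heard that Tencent's scheme is to apply MD5 26 times, reverse the sequence, and apply MD5 2 more times... (hearsay)
Some also use password + fixed salt with MD5, and another approach is dynamic salt + password -> MD5, which requires storing an extra salt in the database.
Below is another, similar approach.
1. Generate a random salt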
    // Requires: using System; using System.Security.Cryptography;
    // Member of the Helper class called in step 3.
    public static string GenerateSalt()
    {
        // Generate a 128-bit salt using a sequence of cryptographically strong random bytes.
        byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); // divide by 8 to convert bits to bytes
        return Convert.ToBase64String(salt);
    }
2. Hash the password
/* Required namespaces:
 using Microsoft.AspNetCore.Cryptography.KeyDerivation;
 using Microsoft.AspNetCore.Http;*/
    // https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/consumer-apis/password-hashing?view=aspnetcore-6.0
    // This is not secure, but better than nothing.
    public static string HashPassword2(string clearPassword, string saltBase64)
    {
        var salt = Convert.FromBase64String(saltBase64);
        // derive a 256-bit subkey (use HMACSHA256 with 100,000 iterations)
        string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
            password: clearPassword!,
            salt: salt,
            prf: KeyDerivationPrf.HMACSHA256,
            iterationCount: 100000,
            numBytesRequested: 256 / 8));
        return hashed;
    }
3. Usage example
string pwd = "admin123.";
string salt = Helper.GenerateSalt();
var hash = Helper.HashPassword2(pwd , salt);
Then store the username, salt and hash in the database.
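The login-side check for the scheme above, as an added example that is not from the original post or the project it describes: it re-derives the hash with the stored salt and compares the result in constant time. The `StoredCredential` record, the `PasswordVerifier` class and the stored `Iterations` column are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Cryptography.KeyDerivation;

// Hypothetical user row; the Iterations column is an assumption (the post stores only salt and hash).
public record StoredCredential(string UserName, string SaltBase64, string HashBase64, int Iterations);

public static class PasswordVerifier
{
    public const int CurrentIterations = 100000; // same count as HashPassword2
    private static byte[] Derive(string password, byte[] salt, int iterations) =>
        KeyDerivation.Pbkdf2(password, salt, KeyDerivationPrf.HMACSHA256, iterations, 256 / 8);
    public static StoredCredential Create(string userName, string password, int iterations)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); // fresh salt per user
        return new StoredCredential(userName, Convert.ToBase64String(salt),
            Convert.ToBase64String(Derive(password, salt, iterations)), iterations);
    }

    // True only when the candidate re-derives to the stored hash. needsRehash tells
    // the caller to store a new hash because the row uses an older iteration count.
    public static bool Verify(StoredCredential row, string candidate, out bool needsRehash)
    {
        needsRehash = false;
        if (candidate is null || row.Iterations <= 0) return false;
        byte[] salt, expected;
        try
        {
            salt = Convert.FromBase64String(row.SaltBase64);
            expected = Convert.FromBase64String(row.HashBase64);
        }
        catch (FormatException) { return false; } // corrupted row: fail closed
        byte[] actual = Derive(candidate, salt, row.Iterations);
        // Constant-time comparison: run time does not depend on where the bytes differ.
        bool ok = CryptographicOperations.FixedTimeEquals(actual, expected);
        needsRehash = ok && row.Iterations < CurrentIterations;
        return ok;
    }

    public static void Main()
    {
        var row = Create("admin", "admin123.", CurrentIterations); // constructed sample
        Console.WriteLine(Verify(row, "admin123.", out _));
        Console.WriteLine(Verify(row, "Admin123.", out _));
        var legacy = Create("old", "admin123.", 10000); // constructed older row
        bool ok = Verify(legacy, "admin123.", out bool rehash);
        Console.WriteLine($"{ok} rehash={rehash}");
    }
}
```

When `needsRehash` is true, the caller still holds the clear-text password from the login request and can store a new salt and hash at the current iteration count.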
    










