答案 0 :(得分:1)
我假设您已经拥有用于在某种用户配置文件表中存储用户哈希的架构?
假设此表的格式如下:
PersonID int PrimaryKey
PersonName nvarchar(50)
PersonPasswordHash varchar(128)
PersonPasswordSalt nvarchar(10)
然后在您的.net代码(C#中的示例)中,您将在创建新用户时继续执行以下操作
string passwordPlain = txtPassword.Text; // This is the password entered by the user
/* a work factor of 10 is default, but you can mention any thing from 4 to 31.
But keep in mind that for every increment in work factor the work increases
twice (its 2**log_rounds)
*/
string passwordSalt = BCrypt.GenerateSalt(10);
string passwordHash = BCrypt.HashPassword(passwordPlain, passwordSalt);
// Now store the passwordHash and passwordSalt in the database for that user
使用上述值后,在数据库中存储适当的值。
当需要验证登录时,从数据库中检索有关passwordHash和passwordSalt的详细信息,您可以按如下方式进行验证:
string originalPasswordSalt; // retireive its value from the DB
string originalPasswordHash; // retireive its value from the DB
string givenPasswordPlain = txtPassword.Text; // given by the user during login
string givenPasswordHash = BCrypt.HashPassword(givenPasswordPlain, originalPasswordSalt);
if(givenPasswordHash.Equals(originalPasswordHash)) { // you have an valid user
} else { // given login name or password is not valid
}