修复硬编码的PBE密码

时间:2019-02-28 15:22:55

标签: c# fortify

我们一直在使用Fortify工具来检查安全漏洞,密钥管理:硬编码的PBE密码问题,这使得修复起来很困难。

Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 
0x49, 0x76,0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });

AND

using (var password = new Rfc2898DeriveBytes(PassPhrase, saltStringBytes, DerivationIterations))

我从此链接Encrypting & Decrypting a String in C#获得StringCipher类

0 个答案:

没有答案