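We have been using the Fortify tool to check for security vulnerabilities, and it reports a "Key Management: Hardcoded PBE Password" issue, which is proving difficult to fix.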
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] {
    0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
AND
using (var password = new Rfc2898DeriveBytes(PassPhrase, saltStringBytes, DerivationIterations))
I got the StringCipher class from this link: Encrypting & Decrypting a String in C#
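An added example, not part of the original post or of the linked StringCipher class: one way to remove the hardcoded literal behind this finding is to read the passphrase at run time and to replace the fixed salt in the first snippet with a random salt per message. The class name, the environment variable `APP_ENCRYPTION_PASSPHRASE`, the iteration count and the blob layout are assumptions made for the example, and it assumes .NET 8 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class PassphraseCipher
{
    // Assumed names and parameters for this example; set the iteration count to your own policy.
    private const string PassphraseVariable = "APP_ENCRYPTION_PASSPHRASE";
    private const int SaltSize = 16, NonceSize = 12, TagSize = 16, KeySize = 32;
    private const int Iterations = 600_000;

    private static byte[] DeriveKey(byte[] salt)
    {
        // The passphrase comes from the process environment (or a secret store), never from source.
        var passphrase = Environment.GetEnvironmentVariable(PassphraseVariable);
        if (string.IsNullOrEmpty(passphrase))
            throw new InvalidOperationException(PassphraseVariable + " is not set.");
        return Rfc2898DeriveBytes.Pbkdf2(passphrase, salt, Iterations, HashAlgorithmName.SHA256, KeySize);
    }

    public static string Encrypt(string plainText)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);   // fresh salt per message
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize); // fresh nonce per message
        byte[] plain = Encoding.UTF8.GetBytes(plainText);
        byte[] cipher = new byte[plain.Length];
        byte[] tag = new byte[TagSize];
        using (var aes = new AesGcm(DeriveKey(salt), TagSize))
            aes.Encrypt(nonce, plain, cipher, tag);

        // Layout: salt || nonce || tag || ciphertext. Salt and nonce are not secret.
        byte[] blob = new byte[SaltSize + NonceSize + TagSize + cipher.Length];
        Buffer.BlockCopy(salt, 0, blob, 0, SaltSize);
        Buffer.BlockCopy(nonce, 0, blob, SaltSize, NonceSize);
        Buffer.BlockCopy(tag, 0, blob, SaltSize + NonceSize, TagSize);
        Buffer.BlockCopy(cipher, 0, blob, SaltSize + NonceSize + TagSize, cipher.Length);
        return Convert.ToBase64String(blob);
    }

    public static string Decrypt(string encoded)
    {
        byte[] blob = Convert.FromBase64String(encoded);
        if (blob.Length < SaltSize + NonceSize + TagSize)
            throw new CryptographicException("Ciphertext is too short.");
        byte[] salt = blob[..SaltSize];
        byte[] nonce = blob[SaltSize..(SaltSize + NonceSize)];
        byte[] tag = blob[(SaltSize + NonceSize)..(SaltSize + NonceSize + TagSize)];
        byte[] cipher = blob[(SaltSize + NonceSize + TagSize)..];
        byte[] plain = new byte[cipher.Length];
        using (var aes = new AesGcm(DeriveKey(salt), TagSize))
            aes.Decrypt(nonce, cipher, tag, plain); // throws if the data or passphrase is wrong
        return Encoding.UTF8.GetString(plain);
    }
}
```

Data encrypted under the old hardcoded passphrase and fixed salt has to be decrypted with the old values and re-encrypted once before the literal is deleted from source.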