.net - 如何使用 .Net 实现 SQL Server 的 BCrypt？

Question

我在谷歌上搜索过，不幸的是我找不到任何我想要的预期答案。

我已经下载了.NET implementation of BCrypt

老实说，我通常用 PHP 语言编码，我对 .Net 这样的东西一无所知

Answer 1

我假设您已经拥有将用户哈希存储在某种用户配置文件表中的架构？

假设该表的格式如下:

PersonID           int PrimaryKey
PersonName         nvarchar(50)
PersonPasswordHash varchar(128)
PersonPasswordSalt nvarchar(10)

然后在您的 .net 代码(C# 中的示例)中，您将在创建新用户时继续执行以下操作

string passwordPlain = txtPassword.Text; // This is the password entered by the user

/* a work factor of 10 is default, but you can mention any thing from 4 to 31. 
   But keep in mind that for every increment in work factor the work increases 
   twice (its 2**log_rounds)
*/
string passwordSalt = BCrypt.GenerateSalt(10);
string passwordHash = BCrypt.HashPassword(passwordPlain, passwordSalt);

// Now store the passwordHash and passwordSalt in the database for that user

获得上述值后，将适当的值存储在数据库中。

验证登录时，从数据库中检索有关 passwordHash 和 passwordSalt 的详细信息，您可以按如下方式进行验证:

string originalPasswordSalt; // retrieve its value from the DB
string originalPasswordHash; // retrieve its value from the DB
string givenPasswordPlain = txtPassword.Text; // given by the user during login
string givenPasswordHash = BCrypt.HashPassword(givenPasswordPlain, originalPasswordSalt);

if(givenPasswordHash.Equals(originalPasswordHash)) { // you have an valid user
} else { // given login name or password is not valid
}