怎么才能在注册用户里加密呢。如果不加密直接就能年到密码内容,会有安全问题吧?
希望高手指点下!
------解决方案--------------------------------------------------------
密码格式有三种:Clear(明文)、Encrypted、Hashed
下面的代码来自微软的源代码:
- C# code
private byte[] GetSaltedPassword(string password, string salt) { byte[] passwordBuff = Encoding.Unicode.GetBytes(password); byte[] saltBuff = Convert.FromBase64String(salt); byte[] saltedPassword = new byte[saltBuff.Length + passwordBuff.Length]; Buffer.BlockCopy(saltBuff, 0, saltedPassword, 0, saltBuff.Length); Buffer.BlockCopy(passwordBuff, 0, saltedPassword, saltBuff.Length, passwordBuff.Length); return saltedPassword; } private string GetEncodedPassword(string password, int passwordFormat, string passwordSalt) { string encodedPassword; byte[] buff; byte[] saltedPassword; switch (passwordFormat) { case 0: encodedPassword = password; break; case 1: saltedPassword = GetSaltedPassword(password, passwordSalt); HashAlgorithm hashAlgorithm = HashAlgorithm.Create(Membership.HashAlgorithmType); buff = hashAlgorithm.ComputeHash(saltedPassword); encodedPassword = Convert.ToBase64String(buff); break; default: saltedPassword = GetSaltedPassword(password, passwordSalt); buff = EncryptPassword(saltedPassword); encodedPassword = Convert.ToBase64String(buff); break; }