网站会员密码

   这几天因为CSDN明文密码泄露的事情闹得沸沸扬扬.在年关将至的时候火了一把.让我想起我们项目中的会员密码是如何保存的?

   这部分代码是之前曹哥或张博士所留,平常虽然有看过,但也没有仔细研究,只记得有HASH有Salt(盐?).但到底如何实现,今天就当作复习了一下.

   思路以前有所了解,首先产生一个5位数的Salt,然后将password和salt进行Hash.但是具体代码的实现,确实没有了解.

 

产生Salt:

        /// <summary>
        /// 产生随机的混入字符串
        /// </summary>
        /// <param name="length">产生的字符串的长度</param>
        /// <returns>随机字符串</returns>
        public static string CreateSalt(int length)
        {
            Random r = new Random();
            StringBuilder sb = new StringBuilder(length);
            for (int i = 0; i < length; i++)
            {
                sb.Append(constant[r.Next(constant.Length)]);
            }
            return sb.ToString();
        }

 在salt产生中使用了一个constant的数组:

  private static char[] constant ={'0','1','2','3','4','5','6','7','8','9',
        'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r',
        's','t','u','v','w','x','y','z',
        'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R',
        'S','T','U','V','W','X','Y','Z' };

 将password和salt混入并Hash:

 /// <summary>
        /// 混入并计算Hash值
        /// </summary>
        /// <param name="rawString">原始字符串</param>
        /// <param name="salt">混入字符串</param>
        /// <returns>混入后字符串的Hash值</returns>
        public static string SaltAndHash(string rawString, string salt)
        {
            string plan = string.Concat(rawString, salt);
            return plan.Hash();
        }

 hash算法:

  /// <summary>
        /// 计算字符串的Hash值
        /// </summary>
        /// <param name="planText">明文</param>
        /// <returns>Hash值</returns>
        public static string Hash(this string planText)
        {
            byte[] plan = Encoding.UTF8.GetBytes(planText);

            SHA256 hasher = new SHA256Managed();
            byte[] hashed = hasher.ComputeHash(plan);

            return Convert.ToBase64String(hashed);
        }