Sql AdventureWorks2012 DB - How are passwords stored and how do you validate a password?


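I obtained the AdventureWorks2012 DB and am trying to validate passwords from the Person.Password table. The 'PasswordHash' column description says it is the password for the e-mail account. The 'PasswordSalt' column description says it is a random value concatenated with the password string before the password is hashed.

Here is sample data from the database: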

BusinessEntityID, PasswordHash, PasswordSalt, EmailAddress
---------------- --------------------------------------------------------------------------
1, pbFwXWE99vobT6g+vPWFy93NtUU/orrIWafF01hccfM=, bE3XiWw=, ken0@adventure-works.com
2, bawRVNrZQYQ05qF05Gz6VLilnviZmrqBReTTAGAudm0=, EjJaC3U=, terri0@adventure-works.com

How do I know which hash algorithm was used to create the password hash? How is the PasswordSalt generated?

Below is the code that tries to validate the password, but none of the hash algorithms work. Can someone explain?

using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public class SecurityService : ISecurityService
    {
        public string UserName { get; set; }

        public bool ValidateCredentials(string password, Password dbPassword)
        {
            bool valid = false;

            byte[] saltBytes = Convert.FromBase64String(dbPassword.PasswordSalt); //dbPassword.PasswordSalt: bE3XiWw=
            byte[] passwordBytes = Encoding.Unicode.GetBytes(password); //password: ken0@adventure-works.com
            byte[] passwordHashBytes = Convert.FromBase64String(dbPassword.PasswordHash);//dbPassword.PasswordHash: pbFwXWE99vobT6g+vPWFy93NtUU/orrIWafF01hccfM=
            byte[] passwordHashed    = Hash(passwordBytes, saltBytes);
            byte[] dbPasswordHashed  = Hash(passwordHashBytes, saltBytes);

            valid = dbPasswordHashed.SequenceEqual(passwordHashed);

            return valid;

        }

        private static byte[] Hash(byte[] value, byte[] salt)
        {
            byte[] saltedValue = value.Concat(salt).ToArray();
            return HashAlgorithm.Create("MD5").ComputeHash(saltedValue);
            //return HashAlgorithm.Create("SHA1").ComputeHash(saltedValue);
            //return HashAlgorithm.Create("SHA256").ComputeHash(saltedValue);
            //return HashAlgorithm.Create("SHA384").ComputeHash(saltedValue);
            //return HashAlgorithm.Create("SHA512").ComputeHash(saltedValue);  
        }
    }

If you replace valid = dbPasswordHashed.SequenceEqual(passwordHashed); with valid = passwordHashBytes.SequenceEqual(passwordHashed); it will give the correct result.

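In this example, are you sure the password and the value in the email address column are the same?

Yes, that is the description of the PasswordHash column.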
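
The check the answer describes, as an added C# example that is not part of the original post: the stored hash is decoded and compared directly, and its decoded length shows which of the five algorithms tried in the question could have produced it. The scheme in Verify (SHA-256 over UTF-16LE password bytes followed by the salt) is an assumption, not confirmed for AdventureWorks, and the names SaltedHashCheck, AlgorithmForDigestLength and Verify are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example; SaltedHashCheck and its members are hypothetical names.
public static class SaltedHashCheck
{
    // Maps the decoded digest length to the matching algorithm among the
    // five tried in the question (MD5, SHA1, SHA256, SHA384, SHA512).
    public static string AlgorithmForDigestLength(string hashBase64)
    {
        int length = Convert.FromBase64String(hashBase64).Length;
        return length switch
        {
            16 => "MD5",
            20 => "SHA1",
            32 => "SHA256",
            48 => "SHA384",
            64 => "SHA512",
            _ => "unknown",
        };
    }

    // Assumed scheme: SHA-256 over UTF-16LE password bytes followed by the salt.
    public static bool Verify(string password, string saltBase64, string hashBase64)
    {
        byte[] salt = Convert.FromBase64String(saltBase64);
        byte[] stored = Convert.FromBase64String(hashBase64);
        byte[] salted = Encoding.Unicode.GetBytes(password).Concat(salt).ToArray();
        using SHA256 sha = SHA256.Create();
        // The stored hash is compared as-is; it is never hashed a second time.
        return CryptographicOperations.FixedTimeEquals(sha.ComputeHash(salted), stored);
    }

    public static void Main()
    {
        // Hash value from the question's first sample row: decodes to 32 bytes.
        Console.WriteLine(AlgorithmForDigestLength("pbFwXWE99vobT6g+vPWFy93NtUU/orrIWafF01hccfM="));

        // Constructed record: this salt and hash are built here, not taken from the database.
        byte[] salt = { 1, 2, 3, 4, 5 };
        byte[] salted = Encoding.Unicode.GetBytes("constructed-password").Concat(salt).ToArray();
        string saltB64 = Convert.ToBase64String(salt);
        string hashB64 = Convert.ToBase64String(SHA256.Create().ComputeHash(salted));
        Console.WriteLine(Verify("constructed-password", saltB64, hashB64));
        Console.WriteLine(Verify("wrong-password", saltB64, hashB64));
    }
}
```

A 32-byte stored value can never equal a 16-byte MD5 digest, so the length check alone rules out the uncommented line in the question's Hash method. For new systems a password KDF such as PBKDF2 (Rfc2898DeriveBytes) is used in place of a single salted hash pass.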