bcrypt 的 .net 实现
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/873403/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
.net implementation of bcrypt
提问by Gareth
Does anyone know of a good implementation of bcrypt, I know this question has been asked before but it got very little response. I'm a bit unsure of just picking an implementation that turns up in google and am thinking that I may be better off using sha256 in the System.Security.Cryptography namespace, at least then I know it's supported! What are you thoughts?
有谁知道 bcrypt 的一个很好的实现,我知道这个问题之前已经被问过,但得到的回应很少。我有点不确定只是选择一个在 google 中出现的实现,我想我可能最好在 System.Security.Cryptography 命名空间中使用 sha256,至少那时我知道它是受支持的!你有什么想法?
采纳答案by ine
It sounds like you are looking for BCrypt.net:
听起来您正在寻找BCrypt.net:
BCrypt.net is an implementation of OpenBSD's Blowfish-based password hashing code, described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazières. It is a direct port of jBCrypt by Damien Miller, and is thus released under the same BSD-style license. The code is fully managed and should work with any little-endian CLI implementation -- it has been tested with Microsoft .NET and Mono.
BCrypt.net 是 OpenBSD 基于 Blowfish 的密码散列代码的实现,在 Niels Provos 和 David Mazières 的“A Future-Adaptable Password Scheme”中进行了描述。它是 Damien Miller 的 jBCrypt 的直接端口,因此在相同的 BSD 样式许可下发布。代码是完全托管的,应该适用于任何小端 CLI 实现——它已经过 Microsoft .NET 和 Mono 的测试。
回答by Maksym Kozlenko
BCrypt.Net seems to be a most popular library at this moment
BCrypt.Net 似乎是目前最流行的库
Here is an example how to use it for hashing password:
这是一个如何使用它来散列密码的示例:
[TestMethod]
public void BCryptTest()
{
const string password = "PASSWORD";
const int workFactor = 13;
var start = DateTime.UtcNow;
var hashed = BCrypt.Net.BCrypt.HashPassword(password, workFactor);
var end = DateTime.UtcNow;
Console.WriteLine("hash length is {0} chars", hashed.Length);
Console.WriteLine("Processing time is {0} with workFactor {1}", end - start, workFactor);
Console.WriteLine("Hashed password: {0} ", hashed);
Console.WriteLine("correct password {0}", BCrypt.Net.BCrypt.Verify("PASSWORD", hashed));
Console.WriteLine("incorrect password {0}", BCrypt.Net.BCrypt.Verify("PASSWORd", hashed));
}
Sample output:
示例输出:
hash length is 60 chars
Processing time is 00:00:01.0020000 with workFactor 13
Hashed password: a$iBqdG7ENBABEargiyzGlTexPsmviF/qrFxUZB2zce7HKF6MoBNhEq
correct password True
incorrect password False
回答by Ryan Emerle
You can find an updated implementation of BCrypt for .Net here: http://bcrypt.codeplex.com/
您可以在此处找到适用于 .Net 的 BCrypt 的更新实现:http://bcrypt.codeplex.com/
回答by Zer
I needed a BCrypt implementation when moving something from PostgreSQL (which has pg_crypto) to SQLite (which doesn't), so I wrote my own. Seeing from this message I'm not the only one needing this, I've decided to slap a license on it and release it. The URL is:
在将某些东西从 PostgreSQL(有 pg_crypto)移动到 SQLite(没有)时,我需要一个 BCrypt 实现,所以我自己写了。从这条消息中看到我不是唯一需要这个的人,我决定给它一个许可证并发布它。网址是:
http://zer7.com/software.php?page=cryptsharp
http://zer7.com/software.php?page=cryptsharp
The Blowfish implementation behind it is a port of Bruce Schneier's public domain C implementation, and succeeds on all the official test vectors.
其背后的 Blowfish 实现是 Bruce Schneier 的公共域 C 实现的一个端口,并且在所有官方测试向量上都成功。
The BCrypt code I wrote myself based on the spec. I also created a PHP script which generates random passwords of length 0 to 100 and salts, crypts them, and outputs them to a test file. The C# code matches these 100% of the time so far. You are welcome to use the script and test this yourself.
我根据规范自己编写的 BCrypt 代码。我还创建了一个 PHP 脚本,它生成长度为 0 到 100 的随机密码和盐,对它们进行加密,然后将它们输出到测试文件。到目前为止,C# 代码在 100% 的时间内与这些匹配。欢迎您使用该脚本并自行测试。
The library also includes PBKDF2 code which works for any HMAC as opposed to .Net's SHA-1-only implementation (added today -- I'm intending to do SCrypt in C# soon and that requires PBKDF2 with HMAC-SHA256). You could make yourself a scheme based on this too, if you wanted.
该库还包括适用于任何 HMAC 的 PBKDF2 代码,而不是 .Net 的 SHA-1-only 实现(今天添加 - 我打算很快在 C# 中执行 SCrypt,这需要带有 HMAC-SHA256 的 PBKDF2)。如果您愿意,您也可以基于此为自己制定一个计划。
回答by Ioanna
Wrong answer, please see below
错误答案,请看下面
All "Cng" (Cryptography Next Generation) postfixed algorithms in the .Net Framework now use bcrypt. E.g. SHA256Cng.
.Net 框架中的所有“Cng”(下一代密码学)后缀算法现在都使用 bcrypt。例如SHA256Cng。
Actually the MS BCrypt (BestCrypt) does not refer to the one based on the Blowfish cipher - thank you, RobbyD, for the comment.
Will not delete the answer, just in case anyone else makes the same confusion.
实际上,MS BCrypt (BestCrypt) 并不是指基于 Blowfish 密码的密码 - 谢谢 RobbyD 的评论。
不会删除答案,以防万一其他人做出同样的混淆。
回答by Deb
Have you tried this MS BCryptCreateHash C++ functionperhaps?? Seems to be present from Windows Server 2008 and Windows Vista.
你有没有试过这个MS BCryptCreateHash C++ 函数??似乎存在于 Windows Server 2008 和 Windows Vista。
Also, you can probably check the following MS C# BCryptNative.csclass too perhaps.
此外,您也可以查看以下MS C# BCryptNative.cs类。
