• 设计安全的账号系统


    设计一个安全的账号系统,很重要的一个方面就是如何保护用户的密码。保护用户密码最简单的方式就是使用带盐的密码hash(salted password hashing)。

    具体的操作就是给密码加一个随机的前缀或者后缀,然后再进行hash。这个随机的后缀或者前缀成为“盐”。通过加盐,相同的密码每次hash都是完全不一样的字符串了。检查用户输入的密码是否正确的时候,我们也还需要这个盐,所以盐一般都是跟hash一起保存在数据库里,或者作为hash字符串的一部分。

    如果需要达到更高的安全等级,可以考虑将salt值和最终hash结果存在不同的数据库。

    比较加盐hash结果时,注意使用时间恒定的比较函数。

    普通的情况下,在比较两个字符串时,函数是一个字符一个字符进行比较,如果某个字符不匹配就会立即返回。攻击者可以根据验证的时间长短来判断前几位字符是否正确,然后逐步修正最终得到正确的结果。

    因此,在比较 hash 时,使用时间恒定的比较函数,可以让攻击者摸不着头脑。

    具体实现如下:

    using System;
    using System.Text;
    using System.Security.Cryptography;
     
    namespace PasswordHash
    {
        /// <summary>
        /// Salted password hashing with PBKDF2-SHA1.
    /// </summary> public class PasswordHash { // The following constants may be changed without breaking existing hashes. public const int SALT_BYTE_SIZE = 24; public const int HASH_BYTE_SIZE = 24; public const int PBKDF2_ITERATIONS = 1000; public const int ITERATION_INDEX = 0; public const int SALT_INDEX = 1; public const int PBKDF2_INDEX = 2; /// <summary> /// Creates a salted PBKDF2 hash of the password. /// </summary> /// <param name="password">The password to hash.</param> /// <returns>The hash of the password.</returns> public static string CreateHash(string password) { // Generate a random salt RNGCryptoServiceProvider csprng = new RNGCryptoServiceProvider(); byte[] salt = new byte[SALT_BYTE_SIZE]; csprng.GetBytes(salt); // Hash the password and encode the parameters byte[] hash = PBKDF2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE); return PBKDF2_ITERATIONS + ":" + Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash); } /// <summary> /// Validates a password given a hash of the correct one. /// </summary> /// <param name="password">The password to check.</param> /// <param name="correctHash">A hash of the correct password.</param> /// <returns>True if the password is correct. False otherwise.</returns> public static bool ValidatePassword(string password, string correctHash) { // Extract the parameters from the hash char[] delimiter = { ':' }; string[] split = correctHash.Split(delimiter); int iterations = Int32.Parse(split[ITERATION_INDEX]); byte[] salt = Convert.FromBase64String(split[SALT_INDEX]); byte[] hash = Convert.FromBase64String(split[PBKDF2_INDEX]); byte[] testHash = PBKDF2(password, salt, iterations, hash.Length); return SlowEquals(hash, testHash); } /// <summary> /// Compares two byte arrays in length-constant time. This comparison /// method is used so that password hashes cannot be extracted from /// on-line systems using a timing attack and then attacked off-line. /// </summary> /// <param name="a">The first byte array.</param> /// <param name="b">The second byte array.</param> /// <returns>True if both byte arrays are equal. False otherwise.</returns> private static bool SlowEquals(byte[] a, byte[] b) { uint diff = (uint)a.Length ^ (uint)b.Length; for (int i = 0; i < a.Length && i < b.Length; i++) diff |= (uint)(a[i] ^ b[i]); return diff == 0; } /// <summary> /// Computes the PBKDF2-SHA1 hash of a password. /// </summary> /// <param name="password">The password to hash.</param> /// <param name="salt">The salt.</param> /// <param name="iterations">The PBKDF2 iteration count.</param> /// <param name="outputBytes">The length of the hash to generate, in bytes.</param> /// <returns>A hash of the password.</returns> private static byte[] PBKDF2(string password, byte[] salt, int iterations, int outputBytes) { Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt); pbkdf2.IterationCount = iterations; return pbkdf2.GetBytes(outputBytes); } } }
  • 相关阅读:
    正则表达式的规则
    数组合并函数,二维数组相同字段合并到一起。
    mysql如果在使用多表连查时,两张或多张表出现相同的字段名的解决办法
    mysql多表查询方法(left join(左连接),right join (右连接),inner join (内连接)的区别)
    针对ueditor编译器发送数据后不能自动清空表单的问题
    mysql数据库分组查询小结
    ubuntu下命令详细小结
    STL 的运用 istringstream的运用
    odeforces Beta Round #77 (Div. 2 Only)
    位运算基础
  • 原文地址:https://www.cnblogs.com/wangyunjie/p/6064113.html
Copyright © 2020-2023  润新知