我偶然发现了这个密码哈希类,想在我的一个项目中使用它。我有一个连接到 MySQL 数据库的 Windows 窗体程序。我已经创建了连接,之前使用下面的代码登录系统:
Imports System.Data.OleDb
Imports System.Net.Sockets
Public Class Login
'The maximum number of times the user can try to login.
'NOTE(review): the limit is enforced only by this form instance; presumably restarting the
'application resets it - confirm whether the database side also limits failed logins.
Private Const MAX_ATTEMPT_COUNT As Integer = 3
'The number of times the user has tried to login.
Private attemptCount As Integer = 0
'Set by OK_Click: False when ValidateCredentials succeeds, True when ValidateCredentials1 succeeds.
Dim adminLogin As Boolean
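''' <summary>
''' Handles the OK button: hashes the typed password, checks the credentials and either
''' closes the dialog with OK, reports a failed attempt, or aborts once
''' MAX_ATTEMPT_COUNT failures have been reached.
''' </summary>
''' <param name="sender">The control that raised the event.</param>
''' <param name="e">Event data (unused).</param>
Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click
    ' NOTE(review): a single unsalted MD5 pass is not a password-storage scheme. It is fast to
    ' brute-force and identical passwords produce identical digests. Replacing it means changing
    ' how ValidateCredentials/ValidateCredentials1 compare against the stored value, and those
    ' members are not part of this listing, so the digest format is left untouched here.
    Dim digest As Byte()
    Using md5 As New System.Security.Cryptography.MD5CryptoServiceProvider()
        ' Using releases the provider's native handle, which the original never disposed.
        digest = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(TextBoxPassword.Text))
    End Using

    ' "x2" already yields lower-case hex, so no further case conversion is needed.
    Dim hex As New System.Text.StringBuilder(digest.Length * 2)
    For Each b As Byte In digest
        hex.Append(b.ToString("x2"))
    Next

    ' The digest overwrites the typed password in the text box. Presumably the validation
    ' members read the box afterwards - confirm before moving the digest into a local instead.
    TextBoxPassword.Text = hex.ToString()

    If Me.ValidateCredentials Then
        ' The instance is never used (My.Forms.Main is the form that gets updated); it is kept
        ' only because Main's constructor may have side effects.
        Dim Obj As New Main
        adminLogin = False
        ' NOTE(review): the role flag is pushed into a text box on Main. If Main reads that control
        ' to decide what an administrator may do, anything able to edit the control changes the
        ' role - confirm and prefer a non-UI field or property.
        My.Forms.Main.RadTextBox1.Text = adminLogin
        Me.DialogResult = Windows.Forms.DialogResult.OK
    ElseIf Me.ValidateCredentials1 Then
        Dim Obj As New Main
        adminLogin = True
        My.Forms.Main.RadTextBox1.Text = adminLogin
        Me.DialogResult = Windows.Forms.DialogResult.OK
    Else
        Me.attemptCount += 1
        Dim message As String
        ' ">=" instead of "=": the lockout still triggers if the counter ever passes the limit
        ' (for example when the dialog is kept open after an Abort result).
        If Me.attemptCount >= MAX_ATTEMPT_COUNT Then
            message = "The maximum number of failed logins has been reached." & _
                      Environment.NewLine & _
                      "The application will now exit."
            Me.DialogResult = Windows.Forms.DialogResult.Abort
        Else
            message = "The provided credentials are incorrect." & _
                      Environment.NewLine & _
                      "Please try again."
            Me.TextBoxPassword.Clear()
            Me.TextBoxUserName.SelectAll()
            Me.TextBoxUserName.Select()
        End If
        MessageBox.Show(message, _
                        "Login Failed", _
                        MessageBoxButtons.OK, _
                        MessageBoxIcon.Error)
    End If
End Sub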
这是我更喜欢使用的密码类:
Imports System
Imports System.IO
Imports System.Security.Cryptography
Imports System.Data.OleDb
Imports System.Net.Sockets
Imports System.Text.RegularExpressions
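''' <summary>
''' Salted PBKDF2 password hashing. A stored hash is the string
''' "iterations:base64(salt):base64(hash)", so every record carries the parameters
''' needed to verify it.
''' </summary>
Public Class PasswordHash
    ' Salt and derived-key sizes, in bytes.
    Public Const SALT_BYTE_SIZE As Integer = 24
    Public Const HASH_BYTE_SIZE As Integer = 24

    ' NOTE(review): 1000 iterations of PBKDF2-HMAC-SHA1 is well below what current
    ' password-storage guidance recommends. The count is written into every hash string, so
    ' raising this constant only affects newly created hashes; existing ones keep verifying
    ' with the count they were created with.
    Public Const PBKDF2_ITERATIONS As Integer = 1000

    ' Positions of the fields inside "iterations:salt:hash".
    Public Const ITERATION_INDEX As Integer = 0
    Public Const SALT_INDEX As Integer = 1
    Public Const PBKDF2_INDEX As Integer = 2

    ' Number of ":"-separated fields in a well-formed hash string.
    Private Const FIELD_COUNT As Integer = 3

    ' Rfc2898DeriveBytes rejects salts shorter than this many bytes.
    Private Const MIN_SALT_BYTES As Integer = 8

    ''' <summary>
    ''' Creates a salted PBKDF2 hash of the password.
    ''' </summary>
    ''' <param name="password">The password to hash.</param>
    ''' <returns>The hash in the form "iterations:salt:hash" (salt and hash Base64-encoded).</returns>
    Public Shared Function CreateHash(password As String) As String
        ' Fresh random salt for every hash, taken from the OS CSPRNG.
        Dim salt As Byte() = New Byte(SALT_BYTE_SIZE - 1) {}
        Using csprng As New RNGCryptoServiceProvider()
            csprng.GetBytes(salt)
        End Using

        Dim hash As Byte() = PBKDF2(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE)

        ' Concatenate with "&" and an explicit ToString: "Integer + String" is an arithmetic
        ' "+" in VB, which does not compile under Option Strict On and throws
        ' InvalidCastException at run time under Option Strict Off.
        Return PBKDF2_ITERATIONS.ToString(System.Globalization.CultureInfo.InvariantCulture) &
               ":" & Convert.ToBase64String(salt) &
               ":" & Convert.ToBase64String(hash)
    End Function

    ''' <summary>
    ''' Validates a password given a hash of the correct one.
    ''' </summary>
    ''' <param name="password">The password to check.</param>
    ''' <param name="correctHash">A hash of the correct password, as produced by CreateHash.</param>
    ''' <returns>
    ''' True if the password is correct. False otherwise, including when
    ''' <paramref name="correctHash"/> is missing or malformed.
    ''' </returns>
    Public Shared Function ValidatePassword(password As String, correctHash As String) As Boolean
        ' The stored value comes from outside this class (for example a database row), so a
        ' damaged or unexpected value is treated as "does not match" instead of throwing.
        If correctHash Is Nothing Then Return False

        Dim parts As String() = correctHash.Split(":"c)
        If parts.Length <> FIELD_COUNT Then Return False

        Dim iterations As Integer
        If Not Int32.TryParse(parts(ITERATION_INDEX),
                              System.Globalization.NumberStyles.None,
                              System.Globalization.CultureInfo.InvariantCulture,
                              iterations) OrElse iterations < 1 Then
            Return False
        End If

        Dim salt As Byte() = Nothing
        Dim hash As Byte() = Nothing
        Try
            salt = Convert.FromBase64String(parts(SALT_INDEX))
            hash = Convert.FromBase64String(parts(PBKDF2_INDEX))
        Catch ex As FormatException
            Return False
        End Try

        ' Reject parameters that Rfc2898DeriveBytes would refuse (short salt, empty output).
        If salt.Length < MIN_SALT_BYTES OrElse hash.Length = 0 Then Return False

        ' Re-derive with the stored parameters and compare without an early exit.
        Dim testHash As Byte() = PBKDF2(password, salt, iterations, hash.Length)
        Return SlowEquals(hash, testHash)
    End Function

    ''' <summary>
    ''' Compares two byte arrays in length-constant time. This comparison
    ''' method is used so that password hashes cannot be extracted from
    ''' on-line systems using a timing attack and then attacked off-line.
    ''' </summary>
    ''' <param name="a">The first byte array.</param>
    ''' <param name="b">The second byte array.</param>
    ''' <returns>True if both byte arrays are equal. False otherwise.</returns>
    Private Shared Function SlowEquals(a As Byte(), b As Byte()) As Boolean
        ' A length mismatch is folded into diff instead of returning early.
        Dim diff As UInteger = CUInt(a.Length) Xor CUInt(b.Length)
        Dim common As Integer = Math.Min(a.Length, b.Length)
        For i As Integer = 0 To common - 1
            ' Accumulate differences; the loop never exits on the first mismatch.
            diff = diff Or CUInt(a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    ''' <summary>
    ''' Computes the PBKDF2-SHA1 hash of a password.
    ''' </summary>
    ''' <param name="password">The password to hash.</param>
    ''' <param name="salt">The salt.</param>
    ''' <param name="iterations">The PBKDF2 iteration count.</param>
    ''' <param name="outputBytes">The length of the hash to generate, in bytes.</param>
    ''' <returns>A hash of the password.</returns>
    Private Shared Function PBKDF2(password As String, salt As Byte(), iterations As Integer, outputBytes As Integer) As Byte()
        ' Using disposes the derivation object, which the original left undisposed.
        Using kdf As New Rfc2898DeriveBytes(password, salt, iterations)
            Return kdf.GetBytes(outputBytes)
        End Using
    End Function
End Class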
非常感谢任何帮助。
答案 0 :(得分:0)
您可以使用
// NOTE(review): this snippet assumes a PasswordHash type with an instance constructor,
// ToArray() and Verify(). The VB class shown in the question exposes the Shared members
// CreateHash(password) and ValidatePassword(password, correctHash) instead, so these calls
// do not apply to that class as written.
//Store a password hash:
PasswordHash hash = new PasswordHash("password");
byte[] hashBytes = hash.ToArray();
//Check password against a stored hash
// (separate fragment: hashBytes and hash are declared again, and the right-hand side of the
// next line is a placeholder for loading the stored bytes)
byte[] hashBytes = //read from store.
PasswordHash hash = new PasswordHash(hashBytes);
// Reject the login when the entered password does not match the stored hash.
if(!hash.Verify("newly entered password"))
throw new System.UnauthorizedAccessException();