我试图在数据库中存储哈希密码。这里是我的代码:Bcrypt验证密码
string passwords = textBox2.Text;
string salt = BCrypt.Net.BCrypt.GenerateSalt(12);
string hashPwd = BCrypt.Net.BCrypt.HashPassword(passwords, salt);
try
{
SQLiteCommand command = new SQLiteCommand();
connection.Open();
command.Connection = connection;
command.CommandText = ((@"INSERT INTO acc (UserName, Pass) VALUES ('" + textBox1.Text + "','" + hashPwd+ "');"));
command.ExecuteNonQuery();
connection.Close();
}
catch (Exception ex)
{
MessageBox.Show("Error:" + ex.ToString());
return;
}
登录/验证码:
try
{
SQLiteDataAdapter sqlad = new SQLiteDataAdapter("SELECT COUNT(*) From acc WHERE Username = '" + textBox1.Text + "' AND Pass = '" + textBox2.Text + "' ", connection);
DataTable dt = new DataTable();
sqlad.Fill(dt);`
string userid = dt.Rows[0]["UserName"].ToString();
string password = dt.Rows[0]["Pass"].ToString();
bool flag = BCrypt.Net.BCrypt.Verify(textBox2.Text, password);
if (userid == textBox1.Text && flag == true)
{
Form2 frm = new Form2();
frm.Show();
}
else
{
MessageBox.Show("Invalid UserId or password");
}
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
return;
}
我无法验证密码,我得到的错误,你能帮助我吗?还有一个问题,我应该在数据库中储存盐吗?
为什么在你的SELECT语句,你有'并通过= ' “+ textBox2.Text +”''?数据库中的密码是散列的,大概'textBox2.Text'包含纯文本,所以这找不到任何东西。您还要返回计数,而不是“用户名”和“通过”列,因此这些将不在结果集中。最后,可能想要阅读SQL注入。 – steve16351
如何将用户输入的密码与数据库中的哈希值进行比较? –
@LuisVito看看[这篇文章](https://crackstation.net/hashing-security.htm),尤其是[本节](https://crackstation.net/hashing-security.htm#properhashing) 。相关步骤在此处列出。请考虑阅读完整的文章;这是一个很好的:-) – khlr