【发布时间】:2016-04-24 07:25:16
【问题描述】:
我正在尝试将用户输入我的数据库的密码作为 MD5 进行哈希处理,但我遇到了麻烦。我知道 MD5 不像以前那么安全了,现在也没有加盐了,这只是为了测试目的,我绝不会实际部署它以供人们使用。这只是为了好玩!用户名被输入到数据库中,但密码没有。这是我的代码:
Imports MySql.Data.MySqlClient
Imports System.Security.Cryptography
Imports System.Text
Public Class frmSignup
Dim ServerString As String = "Server=localhost;User Id=root;Password=;Database=accountinfo"
Dim SQLConnection As MySqlConnection = New MySqlConnection
Private Sub Form3_Load(sender As Object, e As EventArgs) Handles MyBase.Load
SQLConnection.ConnectionString = ServerString
Try
If SQLConnection.State = ConnectionState.Closed Then
SQLConnection.Open()
MsgBox("Successfully connected to DB")
Else
SQLConnection.Close()
MsgBox("Failed to connect to DB")
End If
Catch ex As Exception
MsgBox(ex.ToString)
End Try
End Sub
Public Sub SaveAccountInformation(ByRef SQLStatement As String)
Dim cmd As MySqlCommand = New MySqlCommand
With cmd
.CommandText = SQLStatement
.CommandType = CommandType.Text
.Connection = SQLConnection
.ExecuteNonQuery()
End With
SQLConnection.Close()
SQLConnection.Dispose()
End Sub
Private Sub btnSignup_Click(sender As Object, e As EventArgs) Handles btnSignup.Click
If txtPasswd.Text = txtPasswd2.Text Then
MessageBox.Show("Passwords Match!")
Dim HashedPass As String = ""
'Converts the Password into bytes, computes the hash of those bytes, and then converts them into a Base64 string
Using MD5hash As MD5 = MD5.Create()
System.Convert.ToBase64String(MD5hash.ComputeHash(System.Text.Encoding.ASCII.GetBytes(txtPasswd.Text)))
End Using
Dim SQLStatement As String = "INSERT INTO accountinfodb(`Usernames`, `Passwords`) VALUES ('" & txtUsername.Text & "','" & HashedPass & "')"
SaveAccountInformation(SQLStatement)
MessageBox.Show("Account Successfully Registered")
frmLogin.Show()
frmLoginScreen.Hide()
Else
MessageBox.Show("Passwords Do Not Match!")
txtPasswd.Text = Focus()
txtPasswd.Clear()
txtPasswd2.Text = Focus()
txtPasswd2.Clear()
End If
End Sub
End Class
我想我可能在我的 SQL 查询中添加了错误的值,但是如果我添加了 txtPasswd,我不确定将 HashedPass 变量放在我的代码中的什么位置?
【问题讨论】:
-
散列不是加密 - 它无法撤消。您应该不将 root/admin 密码放在应用程序中;创建具有所需权限的新帐户。 Complete set of methods for SHA password hashing 或者对于旧的 MD5,请参见 Hash with MD5 in VB.NET 加盐 PW 时,您确实需要保存哈希值和盐值,以便进行比较!
标签: mysql vb.net encryption hash