public
static
string
GenerateSalt(
int
size)
{
RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider();
byte [] buff = new byte [size];
crypto.GetBytes(buff);
return Convert.ToBase64String(buff);
}
public static string GeneratePwdHash( string pwd, string salt)
{
string saltpwd = string .Concat(pwd, salt);
string password = FormsAuthentication.HashPasswordForStoringInConfigFile(saltpwd, " SHA1 " );
return password;
}
{
RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider();
byte [] buff = new byte [size];
crypto.GetBytes(buff);
return Convert.ToBase64String(buff);
}
public static string GeneratePwdHash( string pwd, string salt)
{
string saltpwd = string .Concat(pwd, salt);
string password = FormsAuthentication.HashPasswordForStoringInConfigFile(saltpwd, " SHA1 " );
return password;
}
我的问题是 要验证用户密码的时候每次随机产生的 salt 值都是不同的,再加密一下密码就跟数据库里的不同了,那不是每次验证都失败了?