.NET 5 Identity CreateAsync() 是否使用 sha512 进行散列和加盐
Does .NET 5 Identity CreateAsync() use sha512 for hashing and salting
我目前正在使用内置的 .NET 5 Identity CreateAsync() 创建新的用户帐户。这是为了获取他们的密码,对它们进行哈希处理,然后对它们进行加盐处理。 .NET 5 CreateAsync() 方法是否使用 SHA1、SHA256 或 SHA512 并加盐?
根据 PasswordHasher source code for .NET 5.0.17:
/* =======================
* HASHED PASSWORD FORMATS
* =======================
*
* Version 2:
* PBKDF2 with HMAC-SHA1, 128-bit salt, 256-bit subkey, 1000 iterations.
* (See also: SDL crypto guidelines v5.1, Part III)
* Format: { 0x00, salt, subkey }
*
* Version 3:
* PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations.
* Format: { 0x01, prf (UInt32), iter count (UInt32), salt length (UInt32), salt, subkey }
* (All UInt32s are stored big-endian.)
*/
NOTE: .NET 5 is no longer under support as of May 10, 2022, so there will be no security patches. You should upgrade to .NET 6+ ASAP.
我目前正在使用内置的 .NET 5 Identity CreateAsync() 创建新的用户帐户。这是为了获取他们的密码,对它们进行哈希处理,然后对它们进行加盐处理。 .NET 5 CreateAsync() 方法是否使用 SHA1、SHA256 或 SHA512 并加盐?
根据 PasswordHasher source code for .NET 5.0.17:
/* =======================
* HASHED PASSWORD FORMATS
* =======================
*
* Version 2:
* PBKDF2 with HMAC-SHA1, 128-bit salt, 256-bit subkey, 1000 iterations.
* (See also: SDL crypto guidelines v5.1, Part III)
* Format: { 0x00, salt, subkey }
*
* Version 3:
* PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations.
* Format: { 0x01, prf (UInt32), iter count (UInt32), salt length (UInt32), salt, subkey }
* (All UInt32s are stored big-endian.)
*/
NOTE: .NET 5 is no longer under support as of May 10, 2022, so there will be no security patches. You should upgrade to .NET 6+ ASAP.