Your implementation is probably good enough, but it would be better to use a salt with more entropy: the ticks value that you're currently using will always be in a relatively small range.

I would suggest using something like PBKDF2 (http://en.wikipedia.org/wiki/PBKDF2) to do the work for you, via `Rfc2898DeriveBytes` (http://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes.aspx):

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

string username = "myUsr";
string password = "myPwd";

// Rfc2898DeriveBytes(password, saltSize) generates a random salt of the given size
// and runs PBKDF2 with HMAC-SHA1; this constructor defaults to 1000 iterations.
using (var deriveBytes = new Rfc2898DeriveBytes(password, 20)) // 20-byte salt
{
    byte[] salt = deriveBytes.Salt;
    byte[] key = deriveBytes.GetBytes(20); // 20-byte key

    string encodedSalt = Convert.ToBase64String(salt);
    string encodedKey = Convert.ToBase64String(key);

    // store encodedSalt and encodedKey in database
    // you could optionally skip the encoding and store the byte arrays directly
    db.CreateUser(username, encodedSalt, encodedKey);
}
```

And to authenticate...

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

string username = "myUsr";
string password = "myPwd";

string encodedSalt, encodedKey;
// load encodedSalt and encodedKey from database for the given username

byte[] salt = Convert.FromBase64String(encodedSalt);
byte[] key = Convert.FromBase64String(encodedKey);

// Re-derive with the stored salt; the iteration count must be the same one used
// at registration (1000, the default of the constructor used above).
using (var deriveBytes = new Rfc2898DeriveBytes(password, salt))
{
    byte[] testKey = deriveBytes.GetBytes(20); // 20-byte key

    if (!testKey.SequenceEqual(key)) // SequenceEqual comes from System.Linq
        throw new InvalidOperationException("Password is invalid!");
}
```
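The same register/verify flow as an added example, not part of the answer above. `Rfc2898DeriveBytes` is PBKDF2 with HMAC-SHA1 over the UTF-8 bytes of the password, and the `(password, saltSize)` constructor defaults to 1000 iterations, so `hashlib.pbkdf2_hmac("sha1", ...)` reproduces its output byte for byte. The example goes a little beyond the answer: it stores the algorithm and iteration count in the record next to the salt (so the parameters can be raised later without breaking old rows), compares the derived keys in constant time rather than with an early-exit `SequenceEqual`, and checks the derivation against an RFC 6070 test vector. The `algorithm$iterations$salt$key` record layout, the `needs_rehash` helper and the 600,000-iteration default are my own choices, not anything from the answer or from .NET.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Rfc2898DeriveBytes in .NET is PBKDF2-HMAC-SHA1 over the UTF-8 password; the
# (password, saltSize) constructor used in the answer defaults to 1000 iterations.
DOTNET_DEFAULT_ITERATIONS = 1000

# Current policy for new records (assumed values for this example).
CURRENT_HASH = "sha256"
CURRENT_ITERATIONS = 600_000


def derive(password: str, salt: bytes, iterations: int, dklen: int = 20,
           hash_name: str = "sha1") -> bytes:
    """PBKDF2-HMAC; with hash_name='sha1' this equals Rfc2898DeriveBytes.GetBytes(dklen)."""
    return hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"), salt, iterations, dklen)


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS,
                  hash_name: str = CURRENT_HASH, salt: Optional[bytes] = None,
                  dklen: int = 32) -> str:
    """Return a self-describing record: pbkdf2_<hash>$<iterations>$<b64 salt>$<b64 key>.

    Keeping the algorithm and iteration count in the record (hypothetical layout)
    lets verify_password handle rows written under an older, weaker policy.
    """
    if salt is None:
        salt = os.urandom(16)  # CSPRNG salt, the role .Salt plays in the .NET code
    key = derive(password, salt, iterations, dklen, hash_name)
    return "$".join([
        f"pbkdf2_{hash_name}",
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(key).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored parameters and compare in constant time."""
    algo, iterations, b64salt, b64key = record.split("$")
    if not algo.startswith("pbkdf2_"):
        raise ValueError(f"unsupported record type: {algo}")
    hash_name = algo[len("pbkdf2_"):]
    salt = base64.b64decode(b64salt)
    expected = base64.b64decode(b64key)
    candidate = derive(password, salt, int(iterations), len(expected), hash_name)
    # compare_digest does not stop at the first differing byte, unlike == or SequenceEqual,
    # so the comparison time does not reveal how much of the key matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, iterations: int = CURRENT_ITERATIONS,
                 hash_name: str = CURRENT_HASH) -> bool:
    """True when the record was written with weaker parameters than current policy."""
    algo, stored_iterations, _, _ = record.split("$")
    return algo != f"pbkdf2_{hash_name}" or int(stored_iterations) < iterations


if __name__ == "__main__":
    # RFC 6070 vector for PBKDF2-HMAC-SHA1: P="password", S="salt", c=1, dkLen=20
    assert derive("password", b"salt", 1, 20, "sha1").hex() == \
        "0c60c80f961f0e71f3a9b524af6012062fe037a6"

    rec = hash_password("myPwd")
    assert verify_password("myPwd", rec) and not verify_password("myPwd!", rec)

    # A record made with the .NET defaults (SHA-1, 1000 iterations, 20-byte key)
    # still verifies, but is flagged for re-hashing on the next successful login.
    old = hash_password("myPwd", iterations=DOTNET_DEFAULT_ITERATIONS,
                        hash_name="sha1", dklen=20)
    assert verify_password("myPwd", old) and needs_rehash(old)
    print("ok")
```

The usual deployment pattern is: on successful login, if `needs_rehash` is true, call `hash_password` again and overwrite the stored record, which migrates users off the 1000-iteration SHA-1 default without a forced reset.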
 
