无论采用哪种方式存储密码哈希都是安全的。散列密码的想法是，这样就不能对密码进行反向工程。这就是为什么推荐使用散列密码并通常将其存储在数据库（即ASP.net成员资格提供程序）中的原因。您可以使用加密，但是恕我直言，它不如哈希安全。

Storing a password hash is secure whichever way you go. The idea of hashing the password is so that it can't be reverse engineered into the password. That is why hashed passwords are recommended practice and commonly stored in databases (ie ASP.net membership provider). Youc an use encryption, but IMHO that is less secure than hashing.

在会话状态下存储哈希密码，无论是inProc，sqlserver还是会话服务器都可以。存储原始密码应该是一项悬而未决的事情。

Storing a hash password in session state, either inProc, sqlserver or session server is fine. Storing the raw password should be a hanging offence.

由于SHA1被确定为不安全的，因此您将避免通过表单或URL信息将散列的密码暴露给全世界。我会建议使用SHA256，但无论如何不要发布哈希。

You would avoid exposing the hashed password to the world either via form or url information as SHA1 has been determined to be insecure. I would recommend SHA256 but in any case don't publish the hash.

我想知道为什么您要保留所有这些信息。我想不出它有什么价值。密码散列后，就不能用来在其他站点上对用户进行重新认证。

I would be wondering why you want to keep this information at all. I can't think of any value it has. Once the password has been hashed, it can't be used to re-authenticate the user onto a different site.