安全加密

两个文本框(用户名密码),一个提交按扭,点击按扭时进行加密及注册处理!
cs如下:

using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Security;
using System.IO;
using System.Text;
namespace Security.Formsauth
{
    /**//// <summary>
    /// Reg 的摘要说明。
    /// </summary>
    public class Reg : System.Web.UI.Page
    {
        protected System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator2;
        protected System.Web.UI.WebControls.TextBox tbPass;
        protected System.Web.UI.WebControls.Label Label2;
        protected System.Web.UI.WebControls.RequiredFieldValidator RequiredFieldValidator1;
        protected System.Web.UI.WebControls.TextBox tbName;
        protected System.Web.UI.WebControls.Label Label1;
        protected System.Web.UI.WebControls.Label Label3;
        protected System.Web.UI.WebControls.Button btnReg;
    
        private void Page_Load(object sender, System.EventArgs e)
        {
            // 在此处放置用户代码以初始化页面
        }

        Web Form Designer generated code#region Web Form Designer generated code
        override protected void OnInit(EventArgs e)
        {
            //
            // CODEGEN：该调用是 ASP.NET Web 窗体设计器所必需的。
            //
            InitializeComponent();
            base.OnInit(e);
        }
        
        /**//// <summary>
        /// 设计器支持所需的方法 - 不要使用代码编辑器修改
        /// 此方法的内容。
        /// </summary>
        private void InitializeComponent()
        {    
            this.btnReg.Click += new System.EventHandler(this.btnReg_Click);
            this.Load += new System.EventHandler(this.Page_Load);

        }
        #endregion

        private void btnReg_Click(object sender, System.EventArgs e)
        {
            SqlConnection con = new SqlConnection();
            con.ConnectionString = System.Configuration.ConfigurationSettings.AppSettings["DSN"];
            con.Open();
        
            //以下得到hash和salt加密串
            const int salSize = 16;
            // step 1: create some entropy for use as the salt
            RandomNumberGenerator rng = RandomNumberGenerator.Create();
            byte[] salt = new byte[ salSize ];
            rng.GetBytes(salt);


            // step 2: turn the password into bytes
            byte[] secret = Encoding.Unicode.GetBytes(tbPass.Text);


            // step 3: create the hash
            HashAlgorithm hashAlg = SHA1.Create();
            using(CryptoStream cs = new CryptoStream(Stream.Null, hashAlg, CryptoStreamMode.Write)) 
            {
                cs.Write(secret, 0, secret.Length);
                cs.Write(salt, 0, salt.Length);
                cs.FlushFinalBlock();
            }
            string strHash = Convert.ToBase64String(hashAlg.Hash);
            string strSalt = Convert.ToBase64String(salt);
            //
            string strSql = "insert into formsUserInfo values(@username,@hashPass,@saltPass)";
            SqlParameter sqlpUser = new SqlParameter("@username",SqlDbType.NVarChar,64);
            sqlpUser.Value = tbName.Text;
            SqlParameter sqlpPassHash = new SqlParameter("@hashPass",SqlDbType.NVarChar,50);
            SqlParameter sqlpPassSalt = new SqlParameter("@saltPass",SqlDbType.NVarChar,50);
            sqlpPassHash.Value = strHash;
            sqlpPassSalt.Value = strSalt;
            SqlCommand com = new SqlCommand(strSql,con);
            com.Parameters.Add(sqlpUser);
            com.Parameters.Add(sqlpPassHash);
            com.Parameters.Add(sqlpPassSalt);
            com.ExecuteNonQuery();
            con.Close();
            Response.Write("<script language='javascript'>alert('注册成功!')</script>");

        }
    }
}