Tuesday, January 26, 2010

Hash and Salt passwords in c#

The following post will be describing password hashing and adding a salt value to it....

  • Store the PasswordHash and salt in the database in the user's account.

  • Then, when the user attempts to logon the next time, grab the salt from the database and hash it as usual with the password provided by the user during logon and compare that value to the PasswordHash in the database. If they are the same, the user provided the correct password (whatever that may be). If they are not the same, the password entered was incorrect.


private static string CreateSalt(int size)
  {
   //Generate a cryptographic random number.
   RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
   byte[] buff = new byte[size];
   rng.GetBytes(buff);

   // Return a Base64 string representation of the random number.
   return Convert.ToBase64String(buff);
  }

private static string CreatePasswordHash(string pwd, string salt)
  {
   string saltAndPwd = String.Concat(pwd, salt);
   string hashedPwd = 
    FormsAuthentication.HashPasswordForStoringInConfigFile(
    saltAndPwd, "sha1");

   return hashedPwd;
  }
string salt = CreateSalt(TxtPassword.Text.Length);
string hash = CreatePasswordHash(TxtPassword.Text, salt);

25 comments:

  1. Hi there! Do you use Twitter? I'd like to follow you if that would be ok. I'm definitely enjoying your blog and look forward to new posts.



    Feel free to visit my blog :: wholesale costume jewelry

    ReplyDelete
  2. I've got liked and also the item I most covet from your Duke & Dutch range is Africa Earings

    Here is my blog - ,cheap earrings online uk

    ReplyDelete
  3. I like what you guys tend to be up too. This kind of clever work and reporting!
    Keep up the wonderful works guys I've added you guys to blogroll.

    My web site: best cloud hosting uk

    ReplyDelete
  4. For variations bigger and texture, this appears perhaps it will recieve treatment with fine gold crochet wire or perhaps a thin metallic thread
    or cord.

    Feel free to surf to my webpage; ,cheap earring sets

    ReplyDelete
  5. Terrific work! This is the kind of information that should be shared around
    the internet. Disgrace on the search engines for
    not positioning this post higher! Come on over and visit my site .
    Thanks =)

    My homepage - den0v5yoeh.livejournal.com

    ReplyDelete
  6. It is all totally beautiful during this page

    Also visit my webpage danon jewellery stockists uk

    ReplyDelete
  7. We're delighted that we discovered this page , precisely the right information we needed! .

    Here is my website ,Cheap earrings uk

    ReplyDelete
  8. Great point of view! While using the current economical situations,
    I think you'll see more of these varieties of things.

    Feel free to visit my web site ... ,cheap pretty earrings

    ReplyDelete
  9. sir, please send the video clip to my email, its remarkable.


    Stop by my weblog - xerox phaser 8560 driver

    ReplyDelete
  10. I absolutely love that cotton reel and the idea that it's slightly wonky can make it much more charming! Am i allowed to place an order? In truth I really like your little treasures and have the in an identical way about dolls house accessories.

    Review my blog post how to clean silver Jewellery

    ReplyDelete
  11. I've recently been detected with bladder cancer cells and look over that it takes some time to establish.

    Also visit my web-site: http://flat.sitemix.Jp

    ReplyDelete
  12. Vote How you can Clean Costume Jewelry

    Here is my page :: silver jewellery boxes
    (http://squarecircle-films.com/)

    ReplyDelete
  13. I'm no longer sure where you are getting your information, however great topic. I needs to spend a while finding out much more or understanding more. Thank you for fantastic info I was looking for this info for my mission.

    Have a look at my web blog :: xerox 8560n

    ReplyDelete
  14. I would like to buy LED 32, but I found the pricing too high.
    Can anyone let me know the picture quality(generally the performance)

    Also visit my web site lg 42 ls56 series

    ReplyDelete
  15. hello there and thank you for your information
    – I've definitely picked up something new from right here. I did however expertise some technical points using this web site, as I experienced to reload the site lots of times previous to I could get it to load correctly. I had been wondering if your web host is OK? Not that I am complaining, but slow loading instances times will often affect your placement in google and could damage your high quality score if advertising and marketing with Adwords. Anyway I'm
    adding this RSS to my email and can look out for a lot more of your
    respective interesting content. Make sure you update this again very soon.


    Also visit my weblog ... Buy LG 42LS5600

    ReplyDelete
  16. After i saw my email I think that you were slipping.
    The pieces seemed like plastic or pasta. While i had got to the blog I understood why.

    You're so clever and also the pieces are good. Can't wait to adopt your class

    Feel free to visit my web-site ... ,cheap earring sets

    ReplyDelete
  17. Your mode of telling all in this piece of writing
    is actually fastidious, all be able to effortlessly be
    aware of it, Thanks a lot.

    Here is my homepage :: Sure flap cat flap

    ReplyDelete
  18. It's going to be end of mine day, however before end I am reading this impressive article to increase my know-how.

    Have a look at my website - Private cloud (www.privatecloudandhosting.info)

    ReplyDelete
  19. This is a topic which is close to my heart... Cheers!
    Exactly where are your contact details though?

    My page ... Hultquist Stockists - Http://Pinterest.Com/Lizzielanejewel/Hultquist-Jewellery -

    ReplyDelete
  20. Hey, Do you think its additionally terrific to
    acquire a made use of inkjet for house use? Where can i
    discover Amazon or Best-Buy?

    Feel free to visit my page: xerox phaser 8560mfp :
    : ::

    ReplyDelete
  21. Greetings from Carolina! I'm bored to tears at work so I decided to check out your website on my iphone during lunch break. I really like the information you provide here and can't wait
    to take a look when I get home. I'm surprised at how fast your blog loaded on my cell phone .. I'm not even using WIFI, just 3G .
    . Anyways, wonderful blog!

    Look into my blog :: xerox 8560 yellow

    ReplyDelete
  22. Hi Susan! Apparently not every tips are the same Mollie, who
    have many soldering experience (both jewelry and stained glass) tells
    me iron-clad tips are durable all of which will serve you for
    a lifetime, but that other tips easily get corroded and damaged.
    Some Weller tips are iron-clad, others aren't. The sal ammoniac is corrosive, so without that factory-applied iron-clad tip, it can cause damage. I hope this info helps even now opt for fun to struggle with tools when you've got art in making!


    Also visit my blog - how to clean silver jewellery

    ReplyDelete
  23. With havin so much content do you ever run into
    any issues of plagorism or copyright violation? My site has a lot of completely unique content I've either authored myself or outsourced but it seems a lot of it is popping it up all over the internet without my permission. Do you know any ways to help protect against content from being ripped off? I'd certainly appreciate it.


    Also visit my webpage xerox 8560mfp driver

    ReplyDelete
  24. Admiring the hard wοгk yοu put into your blog
    аnԁ in depth infoгmation you οffer.

    It's great to come across a blog every once in a while that isn't
    thе ѕаme old rеhashed matеrial.
    Fаntastіc reaԁ! Ӏ've bookmarked your site and I'm incluԁing yоur RЅS feеds to mу Google account.



    Here is my site: facebook phone number

    ReplyDelete
  25. Sir, pls send out that video to my email I.D. It will be assistance ful 2 make pcb easy.
    Thankyou.

    my website xerox phaser 8560 Color printer - projectwiki.herlig.net -

    ReplyDelete