Hash password giving different results

I use the system that the previous developer wrote about. The system has an administrator approving the user account, and when they do this, the system uses the following method to hash the password and store it in the database. It sends an unmanaged password to the user. When a user logs on to the system, he uses the same method for the hash that the user enters and compares it with the database value. We encountered them several times when the record in the database does not match the input serum that they should use. Thus, it seems that the method does not always hash the value of the same thing. Does anyone know if this hashing method is reliable and how to make it reliable? Thanks.

    private string HashPassword(string password)
    {
        string hashedPassword = string.Empty;

        // Convert plain text into a byte array.
        byte[] plainTextBytes = Encoding.UTF8.GetBytes(password);

        // Allocate array, which will hold plain text and salt.
        byte[] plainTextWithSaltBytes =
                new byte[plainTextBytes.Length + SALT.Length];

        // Copy plain text bytes into resulting array.
        for(int i = 0; i < plainTextBytes.Length; i++)
            plainTextWithSaltBytes[i] = plainTextBytes[i];

        // Append salt bytes to the resulting array.
        for(int i = 0; i < SALT.Length; i++)
            plainTextWithSaltBytes[plainTextBytes.Length + i] = SALT[i];

        // Because we support multiple hashing algorithms, we must define
        // hash object as a common (abstract) base class. We will specify the
        // actual hashing algorithm class later during object creation.
        HashAlgorithm hash = new SHA256Managed();

        // Compute hash value of our plain text with appended salt.
        byte[] hashBytes = hash.ComputeHash(plainTextWithSaltBytes);

        // Create array which will hold hash and original salt bytes.
        byte[] hashWithSaltBytes = new byte[hashBytes.Length +
                                            SALT.Length];
        // Copy hash bytes into resulting array.
        for(int i = 0; i < hashBytes.Length; i++)
            hashWithSaltBytes[i] = hashBytes[i];

        // Append salt bytes to the result.
        for(int i = 0; i < SALT.Length; i++)
            hashWithSaltBytes[hashBytes.Length + i] = SALT[i];

        // Convert result into a base64-encoded string.
        hashedPassword = Convert.ToBase64String(hashWithSaltBytes);

        return hashedPassword;
    }
+3

Wikipedia: http://en.wikipedia.org/wiki/Salt_%28cryptography%29

http://msdn.microsoft.com/en-us/magazine/cc164107.aspx:

<users>
  <user name='Alice' salt='Tu72*&' password='6DB80AE7...'/>
  <user name='Bob'   salt='N5sb#X' password='096B1085...'/>
  <user name='Fred'  salt='q-V3bi' password='9118812E...'/>
</users>

+4
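
The per-user salt layout from the MSDN snippet above, combined with the question's Base64(hash || salt) record format, as an added example that is not code from the original post or its answers. It swaps the single SHA-256 pass for PBKDF2 and assumes .NET 6 or later; the class name, sizes and iteration count are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not the original poster's code. Assumes .NET 6 or later.
// PasswordStore, SaltSize, HashSize and Iterations are hypothetical names/values.
public static class PasswordStore
{
    private const int SaltSize = 16;         // random salt bytes, unique per user
    private const int HashSize = 32;         // derived key length in bytes
    private const int Iterations = 600_000;  // PBKDF2 work factor (assumed value)

    // Returns Base64(hash || salt), the same layout the question's method produces.
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        return Convert.ToBase64String(Concat(Derive(password, salt), salt));
    }

    // Re-derives with the salt read back from the stored record, never a fresh one.
    public static bool Verify(string password, string stored)
    {
        byte[] record;
        try { record = Convert.FromBase64String(stored); }
        catch (FormatException) { return false; }
        if (record.Length != HashSize + SaltSize) return false; // wrong length: reject

        byte[] expected = record.AsSpan(0, HashSize).ToArray();
        byte[] salt = record.AsSpan(HashSize, SaltSize).ToArray();
        // Fixed-time comparison does not reveal how many leading bytes matched.
        return CryptographicOperations.FixedTimeEquals(Derive(password, salt), expected);
    }

    private static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes(password), salt,
                                  Iterations, HashAlgorithmName.SHA256, HashSize);

    private static byte[] Concat(byte[] a, byte[] b)
    {
        byte[] r = new byte[a.Length + b.Length];
        Buffer.BlockCopy(a, 0, r, 0, a.Length);
        Buffer.BlockCopy(b, 0, r, a.Length, b.Length);
        return r;
    }

    public static void Main()
    {
        string stored = Hash("correct horse");                // constructed sample input
        Console.WriteLine(Verify("correct horse", stored));   // same bytes as enrolled
        Console.WriteLine(Verify("correct horse ", stored));  // trailing space differs
    }
}
```

Because the derivation is deterministic for a given password byte sequence and salt, a failed `Verify` means the bytes or the stored record differ from what was enrolled.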


Source: https://habr.com/ru/post/1737690/

