The maximum base64 encoded salt / password length for this algorithm

Question

The maximum base64 encoded salt / password length for this algorithm

The following is a snippet of code that was used for hash passwords in the application I am rewriting:

internal string GenerateSalt() { byte[] buf = new byte[16]; (new RNGCryptoServiceProvider()).GetBytes(buf); return Convert.ToBase64String(buf); } internal string EncodePassword(string pass, string salt) { byte[] bIn = Encoding.Unicode.GetBytes(pass); byte[] bSalt = Convert.FromBase64String(salt); byte[] bAll = new byte[bSalt.Length + bIn.Length]; Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length); Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length); HashAlgorithm s = HashAlgorithm.Create("SHA512"); byte[] bRet = s.ComputeHash(bAll); return Convert.ToBase64String(bRet); }

The hashed password and salt are later stored in the database. What will be the maximum length of the coded salt and password?

+6

c # sql-server encoding base64 character-encoding

Andrey Jul 29 '11 at 15:43

source share

1 answer

Silence · Accepted Answer · 2011-07-29T15:49:09+0000

Since the SHA- 512 Hash is always 512 bits = 64 bytes, and base64 needs (n + 2 - ((n + 2) % 3)) / 3 * 4 bytes, you will always need 88 bytes to store the data.

The maximum base64 encoded salt / password length for this algorithm

More articles: