Hash and salt passwords in C# -


i going through 1 of davidhayden's articles on hashing user passwords.

really can't trying achieve.

here code:

private static string createsalt(int size) {     //generate cryptographic random number.     rngcryptoserviceprovider rng = new rngcryptoserviceprovider();     byte[] buff = new byte[size];     rng.getbytes(buff);      // return base64 string representation of random number.     return convert.tobase64string(buff); }  private static string createpasswordhash(string pwd, string salt) {     string saltandpwd = string.concat(pwd, salt);     string hashedpwd =         formsauthentication.hashpasswordforstoringinconfigfile(         saltandpwd, "sha1");     return hashedpwd; }

is there other c# method hashing passwords , adding salt it?

actually kind of strange, string conversions - membership provider put them config files. hashes , salts binary blobs, don't need convert them strings unless want put them text files.

in book, beginning asp.net security, (oh finally, excuse pimp book) following

static byte[] generatesaltedhash(byte[] plaintext, byte[] salt) {   hashalgorithm algorithm = new sha256managed();    byte[] plaintextwithsaltbytes =      new byte[plaintext.length + salt.length];    (int = 0; < plaintext.length; i++)   {     plaintextwithsaltbytes[i] = plaintext[i];   }   (int = 0; < salt.length; i++)   {     plaintextwithsaltbytes[plaintext.length + i] = salt[i];   }    return algorithm.computehash(plaintextwithsaltbytes);             }

the salt generation example in question. can convert text byte arrays using encoding.utf8.getbytes(string). if must convert hash string representation can use convert.tobase64string , convert.frombase64string convert back.

you should note cannot use equality operator on byte arrays, checks references , should loop through both arrays checking each byte thus

public static bool comparebytearrays(byte[] array1, byte[] array2) {   if (array1.length != array2.length)   {     return false;   }    (int = 0; < array1.length; i++)   {     if (array1[i] != array2[i])     {       return false;     }   }    return true; }

always use new salt per password. salts not have kept secret , can stored alongside hash itself.


-

Comments

Post a Comment

Popular posts from this blog

angular - Is it possible to get native element for formControl? -

i've got angular2 reactive form . created formcontrol s , assigned input fields by [formcontrol]=... . understand creates nativeelement <-> formcontrol link. my question: possible nativeelement formcontrol ? wanna myformcontrol.nativeelement.focus() i can share 1 terrible solution works me. in reactive forms can use either 1) formcontroldirective ts mycontrol = new formcontrol('') template <input type="text" [formcontrol]="mycontrol"> or 2) formcontrolname ts myform: formgroup; constructor(private fb: formbuilder) {} ngoninit() { this.myform = this.fb.group({ foo: '' }); } template <form [formgroup]="myform"> <input type="text" formcontrolname="foo"> </form> so these directives write patch like 1) formcontroldirective const originformcontrolngonchanges = formcontroldirective.prototype.ngonchanges; formcontroldirective.proto
Read more

unity3d - Rotate an object to face an opposite direction -

i have object , b. when click on object b, rotates object b (a faces b). b doesn't face a. need following : when faces b, need face opposite direction. have code rotating @ b. how rotate face opposite direction after that? vector3 targetdirection = target - transform.position; float step = speed * time.deltatime; vector3 newdirection = vector3.rotatetowards (turretdome.transform.forward, targetdirection, step, 0.0f); turretdome.transform.rotation = quaternion.lookrotation (newdirection); you object facing object b, want inverse direction of object after that? objecta.transform.rotation = quaternion.inverse(objecta.transform.rotation) but lets assume example turretdome object a, (negate direction): turretdome.transform.rotation = quaternion.lookrotation (-newdirection); naturally, both of these snippets not show how smoothen rotation, seem know how use time.deltatime. just incase unsure, quaternion.lerp this
Read more

javascript - Why jQuery Select box change event is now working? -

i working on product filters user select select box according his/her preference not getting selected value user in jquery. html code:- <select name="product_filter" id="product_filter"> <option value="price_low_first">price : low high</option> <option value="price_high_first">price : high low</option> <option value="latest">latest</option> <option value="popular">most popular</option> </select> jquery code: $(function () { $("#product_filter").change(function () { alert("hi") var selectedtext = $(this).find("option:selected").text(); var selectedvalue = $(this).val(); alert("selected text: " + selectedtext + " value: " + selectedvalue); }); }); hi believe code perfect. once please check jquery.min.js
Read more