
salting and hashing

HunainHafeez

I figured out the problem.

It is that the hash function generates a different hash each time for the same value, i.e. 12345, and that's why it doesn't match during login with the one that I submitted during signup.

So is there any way to make the hash stable for the same value?

e.g. for 1234 a hash should be = 14012dn2998du293ur2ur09u20u092t89284, each time

Here is the code:

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        String hashing_pwd = FormsAuthentication.HashPasswordForStoringInConfigFile(txtboxPwd.Text, "sha1");
        String hashed_pwd = String.Concat(CreateSalt(), hashing_pwd);
        Response.Write(hashed_pwd);
        String con_string = ConfigurationManager.ConnectionStrings["todolist_connectionstring"].ConnectionString;
        SqlConnection con = new SqlConnection(con_string);
        SqlCommand comm = new SqlCommand("member_login", con);
        comm.CommandType = CommandType.StoredProcedure;
        comm.Parameters.Add("@email", SqlDbType.VarChar);
        comm.Parameters["@email"].Value = txtboxEmail.Text;
        comm.Parameters.Add("@pwd", SqlDbType.VarChar);
        comm.Parameters["@pwd"].Value = hashed_pwd;
        comm.Parameters.Add("@result", SqlDbType.Int);
        comm.Parameters["@result"].Direction = ParameterDirection.Output;

        try
        {
            con.Open();
            comm.ExecuteNonQuery();
            int res = (int)comm.Parameters["@result"].Value;
            if (res > 0 )
            {
                Response.Write("<br/>" + "MATCHED");
            }
            else
            {
                Response.Write("<br/>" + "UN- MATCHED");
            }


        }
        catch (Exception ex)
        {
            Response.Write(ex.Message);
        }
        finally
        {
            con.Close();
        }


    }

    protected static string CreateSalt()
    {
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        byte[] byteArr = new byte[32];
        rng.GetBytes(byteArr);
        return Convert.ToBase64String(byteArr);
    }
}

JorgeM

Are you saying that you are getting a different hash value for the same number each time you run it?

JorgeM

I'm not familiar with that provider (RNGCryptoServiceProvider), but I looked it up and it's working as expected. According to my research, RNGCryptoServiceProvider generates high-quality random numbers. That would be the reason why you are getting different values. Looks like there is missing stuff here. I'll read some more and hopefully can provide better assistance.

Question Answered as of 1 Year Ago by JorgeM
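
An added example, not code from this thread: the salt is generated once at signup and stored with the hash, then read back at login, so the same password reproduces the same value. It swaps the single SHA-1 pass for PBKDF2 via Rfc2898DeriveBytes; the class name, the "salt:hash" storage format and the iteration count are assumptions made for the illustration.

```csharp
using System;
using System.Security.Cryptography;

// Added example, not the poster's code. The class name, the "salt:hash"
// storage format and the iteration count are assumptions.
public static class PasswordHasher
{
    private const int SaltBytes = 32;
    private const int HashBytes = 20;       // HMAC-SHA1 output size used by this constructor
    private const int Iterations = 100000;  // assumed work factor

    // Signup: generate a random salt ONCE and store it next to the hash.
    public static string Create(string password)
    {
        byte[] salt = new byte[SaltBytes];
        using (var rng = new RNGCryptoServiceProvider())
            rng.GetBytes(salt);
        return Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(Derive(password, salt));
    }

    // Login: reuse the STORED salt, recompute the hash, then compare.
    public static bool Verify(string password, string stored)
    {
        string[] parts = (stored ?? "").Split(':');
        if (parts.Length != 2) return false;
        byte[] salt, expected;
        try
        {
            salt = Convert.FromBase64String(parts[0]);
            expected = Convert.FromBase64String(parts[1]);
        }
        catch (FormatException) { return false; }
        if (salt.Length < 8 || expected.Length != HashBytes) return false;

        byte[] actual = Derive(password, salt);
        int diff = 0; // accumulate differences so timing does not depend on where they occur
        for (int i = 0; i < HashBytes; i++)
            diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return kdf.GetBytes(HashBytes);
    }
}
```

At login, look up the stored string by email and pass it to `Verify`, rather than sending a freshly salted hash to the stored procedure for comparison.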