1.11M Members

salting and hashing

 
0
 

i figured out the problem

it is that Hash function generates different hash each time for same value i.e 12345 and thats why it doesn't match during login with the one that i submitted during signup.

so is there any way to make the hash stable for same value

e.g. for 1234 a hash should be = 14012dn2998du293ur2ur09u20u092t89284, each time

here is the code:

protected void btnLogin_Click(object sender, EventArgs e)
    {
 String hashing_pwd = FormsAuthentication.HashPasswordForStoringInConfigFile(txtboxPwd.Text, "sha1"); String hashed_pwd = String.Concat(CreateSalt(), hashing_pwd); Response.Write(hashed_pwd);         String con_string = ConfigurationManager.ConnectionStrings["todolist_connectionstring"].ConnectionString;
        SqlConnection con = new SqlConnection(con_string);
        SqlCommand comm = new SqlCommand("member_login", con);
        comm.CommandType = CommandType.StoredProcedure;
        comm.Parameters.Add("@email", SqlDbType.VarChar);
        comm.Parameters["@email"].Value = txtboxEmail.Text;
        comm.Parameters.Add("@pwd", SqlDbType.VarChar);
        comm.Parameters["@pwd"].Value = hashed_pwd;
        comm.Parameters.Add("@result", SqlDbType.Int);
        comm.Parameters["@result"].Direction = ParameterDirection.Output;

        try
        {
            con.Open();
            comm.ExecuteNonQuery();
            int res = (int)comm.Parameters["@result"].Value;
            if (res > 0 )
            {
                Response.Write("<br/>" + "MATCHED");
            }
            else
            {
                Response.Write("<br/>" + "UN- MATCHED");
            }


        }
        catch (Exception ex)
        {
            Response.Write(ex.Message);
        }
        finally
        {
            con.Close();
        }


    }

    protected static string CreateSalt()
    {
     RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
     byte[] byteArr = new byte[32];
     rng.GetBytes(byteArr); return Convert.ToBase64String(byteArr);
    }
}
 
1
 

Are you saying that you are getting a different hash value for the same number each time you run it?

 
1
 

I'm not familiar with that provider (RNGCryptoServiceProvider), but I looked it up and its working as expected. According to my research, RNGCryptoServiceProvider generates high-quality random numbers. That would be the reason why you are getting different values. looks like there is missing stuff here. I'll read some more and hopefully can provide better assistance.

Question Answered as of 1 Year Ago by JorgeM
You
This question has already been solved: Start a new discussion instead
Post:
Start New Discussion
View similar articles that have also been tagged: