Member Avatar for sanjeewa.abeywardana

I have heard that table security for data stored in the table can be made by storing Hashbyte data in a column.

So anyone comes and change values manually in a table will be identified and that record be ommited for further calculation

Need help on these areas

CREATE TABLE [dbo].[sample1](
code varchar(50) NULL,
[hashcol] varchar(100) NULL
) ON [PRIMARY]
GO

using 2012 VS and ADO .NET with sql server 2008

  1. this is my table and trying to insert hashbyte data to hashcol column from csharp application

    HOW TO GENERATE HASHBYTE VALUE FROM CSHARP ?

I have used this

public static byte[] SHA512(String plaintext)
{
  // convert the passPhrase string into a byte array
  ASCIIEncoding AE = new ASCIIEncoding();
  byte[] passBuff = AE.GetBytes(plaintext);

  SHA512Managed hashVal = new SHA512Managed();
  byte[] passHash = hashVal.ComputeHash(passBuff);

  return passHash;
}

need better guide/example
2)how to regenerate hashcol value automatically if some one changed existing record?
3) how to compare 2 values , both old and existing hashed values from database and csharp application

Hope for some guide since I'm new to these security measures

Edited by sanjeewa.abeywardana
  • 2 Contributors
  • 1 Reply
  • 189 Views
  • 18 Hours Discussion Span
  • Latest Post Latest Post by Ketsuekiame
Member Avatar for Ketsuekiame

Ok so the only way this would really provide security is if you used some unknown password (referred to as salt) to generate the hashes. Otherwise, anyone would be able to modify the table and then generate the hash to make it look like it hadn't been tampered with.

Using a salt could be as simple as hardcoding a string into your application and appending it to your value that will be hashed.

...

string myVal = "ValueToBeHashed";
const string Salt = "asgG&T£$Juu";

string computeValue = String.Concat(myVal, Salt);
SHA512Managed hasher = new SHA512Managed();
byte[] hashValue = hasher.ComputeHash(computeValue);

...

Secondly, you don't want to make anything but your application be able to automatically compute the value. If you set your database to do it, then you don't gain anything in terms of security. This is because as soon as the offender updates the database, the database would recompute the hash value for them.

To compare the two, you simply need to perform the hash step again and perform a Array.SequenceEqual between the two hashed byte arrays.

I supposed I ought to point out that this won't help protect your database, but it will help discover evidence of tampering.

Edited by Ketsuekiame
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.