comparing salt and hashed passwords during login doesn't seem work right....

Posted by Pandiya Chendur on Stack Overflow See other posts from Stack Overflow or by Pandiya Chendur
Published on 2010-05-19T06:35:26Z Indexed on 2010/05/19 6:40 UTC
Read the original article Hit count: 290

Filed under:
|
|
|
|

I stored salt and hash values of password during user registration... But during their login i then salt and hash the password given by the user, what happens is a new salt and a new hash is generated....

string password = collection["Password"];
reg.PasswordSalt = CreateSalt(6);
reg.PasswordHash = CreatePasswordHash(password, reg.PasswordSalt);

These statements are in both registration and login....

salt and hash during registration was eVSJE84W and 18DE22FED8C378DB7716B0E4B6C0BA54167315A2

During login it was 4YDIeARH and 12E3C1F4F4CFE04EA973D7C65A09A78E2D80AAC7..... Any suggestion....

    public static string CreateSalt(int size)
    {
        //Generate a cryptographic random number.
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        byte[] buff = new byte[size];
        rng.GetBytes(buff);

        // Return a Base64 string representation of the random number.
        return Convert.ToBase64String(buff);
    }

    public static string CreatePasswordHash(string pwd, string salt)
    {
        string saltAndPwd = String.Concat(pwd, salt);
        string hashedPwd =
         FormsAuthentication.HashPasswordForStoringInConfigFile(
         saltAndPwd, "sha1");

        return hashedPwd;
    }

© Stack Overflow or respective owner

Related posts about asp.net-mvc

Related posts about hash