Asp.net membership salt?
Posted
by
chobo2
on Stack Overflow
See other posts from Stack Overflow
or by chobo2
Published on 2009-08-12T18:26:51Z
Indexed on
2011/01/06
4:53 UTC
Read the original article
Hit count: 293
Hi
Does anyone know how Asp.net membership generates their salt key and then how they encode it(ie is it salt + password or password + salt)?
I am using sha1 with my membership but I would like to recreate the same salts so the built in membership stuff could hash the stuff the same way as my stuff can.
Thanks
Edit 2
Never Mind I mis read it and was thinking it said bytes not bit. So I was passing in 128 bytes not 128bits.
Edit
I been trying to make it so this is what I have
public string EncodePassword(string password, string salt)
{
byte[] bytes = Encoding.Unicode.GetBytes(password);
byte[] src = Encoding.Unicode.GetBytes(salt);
byte[] dst = new byte[src.Length + bytes.Length];
Buffer.BlockCopy(src, 0, dst, 0, src.Length);
Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
byte[] inArray = algorithm.ComputeHash(dst);
return Convert.ToBase64String(inArray);
}
private byte[] createSalt(byte[] saltSize)
{
byte[] saltBytes = saltSize;
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
rng.GetNonZeroBytes(saltBytes);
return saltBytes;
}
So I have not tried to see if the asp.net membership will recognize this yet the hashed password looks close. I just don't know how to convert it to base64 for the salt.
I did this
byte[] storeSalt = createSalt(new byte[128]);
string salt = Encoding.Unicode.GetString(storeSalt);
string base64Salt = Convert.ToBase64String(storeSalt);
int test = base64Salt.Length;
Test length is 172 what is well over the 128bits so what am I doing wrong?
This is what their salt looks like
vkNj4EvbEPbk1HHW+K8y/A==
This is what my salt looks like
E9oEtqo0livLke9+csUkf2AOLzFsOvhkB/NocSQm33aySyNOphplx9yH2bgsHoEeR/aw/pMe4SkeDvNVfnemoB4PDNRUB9drFhzXOW5jypF9NQmBZaJDvJ+uK3mPXsWkEcxANn9mdRzYCEYCaVhgAZ5oQRnnT721mbFKpfc4kpI=
© Stack Overflow or respective owner