Salt and hash a password in .NET

Posted by Jon Canning on Geeks with Blogs See other posts from Geeks with Blogs or by Jon Canning
Published on Thu, 14 Jun 2012 18:22:03 GMT Indexed on 2012/06/15 15:17 UTC
Read the original article Hit count: 517

Filed under:
I endeavoured to follow the CrackStation rules: Salted Password Hashing - Doing it Right
    public class SaltedHash
    {
        public string Hash { getprivate set; }
        public string Salt { getprivate set; }
 
        public SaltedHash(string password)
        {
            var saltBytes = new byte[32];
            new RNGCryptoServiceProvider().GetNonZeroBytes(saltBytes);
            Salt = ConvertToBase64String(saltBytes);
            var passwordAndSaltBytes = Concat(password, saltBytes);
            Hash = ComputeHash(passwordAndSaltBytes);
        }
 
        static string ConvertToBase64String(byte[] bytes)
        {
            return Convert.ToBase64String(bytes);
        }
 
        static string ComputeHash(byte[] bytes)
        {
            return ConvertToBase64String(SHA256.Create().ComputeHash(bytes));
        }
 
        static byte[] Concat(string password, byte[] saltBytes)
        {
            var passwordBytes = Encoding.UTF8.GetBytes(password);
            return passwordBytes.Concat(saltBytes).ToArray();
        }
 
        public static bool Verify(string salt, string hash, string password)
        {
            var saltBytes = Convert.FromBase64String(salt);
            var passwordAndSaltBytes = Concat(password, saltBytes);
            var hashAttempt = ComputeHash(passwordAndSaltBytes);
            return hash == hashAttempt;
        }
    }

© Geeks with Blogs or respective owner