I would use at least a keyed hash such as HMACSHA1 and use the full
resulting hash size to store in the db.
How you get and set values to your DB depends on your needs. You could use
sql, and xml file, txt/csv/tsv (e.g. good ol unix style.)
// Your PW system. Use at least a "keyed" hash.
byte[] key = Encoding.UTF8.GetBytes("my key"); // Use same each time, but
hide.
HMACSHA1 hmac = new HMACSHA1(key);
// Enter Password into db.
string userPW = "letmein";
byte[] pwBytes = Encoding.UTF8.GetBytes(userPW);
byte[] pwHash = hmac.ComputeHash(pwBytes);
// Store pwHash with User's Record in db.
// Verify Password.
byte[] storedHash = pwHash; // TODO: Get pw hash bytes from DB.
string enteredPW = "nogo";
byte[] newHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(enteredPW) );
if ( BuffersEqual(storedHash, newHash) )
Console.WriteLine("Password valid.");
else
Console.WriteLine("Invalid password.");
public static bool BuffersEqual(byte[] a1, byte[] a2)
{
if ( a1 == null || a2 == null )
throw new ArgumentNullException("null parm.");
if ( a1.Length != a2.Length )
return false;
Console.WriteLine("Hash1:"+BitConverter.ToString(a 1));
Console.WriteLine("Hash2:"+BitConverter.ToString(a 2));
for(int i=0; i < a1.Length; i++)
{
if ( a1[i] != a2[i] )
return false;
}
return true;
}
--
William Stacey, MVP
http://mvp.support.microsoft.com
"Phil Townsend" <ph*******@yahoo.com> wrote in message
news:uA**************@TK2MSFTNGP12.phx.gbl...
I have been asked to rewrite some apps that contain databases of
username and passwords to store the passwords as hashes. Getting the
data into a hash format is no problem. however, how do I go about
reading the hash value to validate a user? Is there a method of the
FormsAuthentication class for doing this?
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
