stackoom
  简体   繁体   中英

How to store salted hashed password in the database

 原文  2015-01-31 18:16:21       c#/ asp.net

Question

I'm trying to figure out a way to store a salted hashed password to my database. It's my first time doing so, so I'm kind of unsure of how the process should go about.

My ASP.NET C# Web Application first requires a user to register for an account. I have a data layer, business layer to call the method in the data layer, and a presentation layer to display the form controls. At the moment I'm using plain text to store the password in the database. Let's call that method createAccount() in the data layer. Username, password and other attributes are passed into the createAccount() method to invoke the SQL Query to create an Account record. Username and password is specified by the user in the registration page. I found a web site that provided me a method to generate my password with hash as follow: 

        public static string GenerateHashWithSalt(string password, string salt)
    {
        // merge password and salt together
        string sHashWithSalt = password + salt;
        // convert this merged value to a byte array
        byte[] saltedHashBytes = Encoding.UTF8.GetBytes(sHashWithSalt);
        // use hash algorithm to compute the hash
        System.Security.Cryptography.HashAlgorithm algorithm = new System.Security.Cryptography.SHA256Managed();
        // convert merged bytes to a hash as byte array
        byte[] hash = algorithm.ComputeHash(saltedHashBytes);
        // return the has as a base 64 encoded string
        return Convert.ToBase64String(hash);
    }

Where should I put this, in the registration page, in the code-behind ( .cs ) page, or in the data layer? And then, how would you all suggest I placed this hashed password in my database along with my other attributes? Should I directly store it as hashed, or store it in plaintext first, then update it to the hashed value. Thanks!

1 answers

solution1
 3 ACCPTED  2015-01-31 21:40:57

I would recommend using an existing implementation, instead of rolling your own here.

The asp.net membership database is perfect for this, and uses salting and hashing out of the box .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question how to compare password with salted hashed password How to store hashed password in database How to validate salted and hashed password in c# How to authenticate user against salted and hashed password and username? How to Store salt and hashed password Database in C# Encryption Comparing Hashed&Salted Password upon Login Extracting/Decrypting hashed/salted password out of XML file How to connect to MySQL database using hashed password Lifespan of hashed/salted passwords How to validate Password from database when password is hashed
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM