
C# compare hashed password (Pbkdf2)

I am developing authentication in .NET Core. I have an API to create a user with a login and password.

I hashed the password, but I don't find any way to compare the hashed password, with the new input of the user.

I used the hash method given by microsoft:

https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/consumer-apis/password-hashing?view=aspnetcore-3.1

    using System;
    using System.Security.Cryptography;
    using Microsoft.AspNetCore.Cryptography.KeyDerivation;

    // generate a 128-bit salt using a secure PRNG
    byte[] salt = new byte[128 / 8];
    using (var rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(salt);
    }

    // password is the plaintext supplied by the user;
    // hashed will be stored in the database as the password
    string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
        password: password,
        salt: salt,
        prf: KeyDerivationPrf.HMACSHA1,
        iterationCount: 10000,
        numBytesRequested: 256 / 8));

When the user logs in, he sends a login and a password. I have no idea how to compare this password with the hashed password from the database.

If I hash the password again, it will be a different hash, so that doesn't help.

Any suggestions? I am surprised that I can't find answers about this :(

Thanks!

UserInput: plaintext ==> send to authentication service,

create account: generate salt, hash the given plaintext password with the salt, store in account info

authenticate: read hash from account info in your database, hash the given plaintext password with the read salt and compare that hash with the hash in your database. That is the simplest way of authentication.

Be sure to always use the individual hash that was created for each account, otherwise the hash will always be different and authentication will fail.
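The create-account and authenticate steps described in the answer above, as an added example that is not part of the original post. It reuses the question's `KeyDerivation.Pbkdf2` parameters; the class name `PasswordHasher`, the `salt.hash` storage format and the constant-time comparison are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Cryptography.KeyDerivation;

// Hypothetical helper: stores the per-account salt next to the hash so it can be read back at login.
public static class PasswordHasher
{
    private const int SaltBytes = 128 / 8;  // sizes and iteration count taken from the question
    private const int HashBytes = 256 / 8;
    private const int Iterations = 10000;

    private static byte[] Derive(string password, byte[] salt) =>
        KeyDerivation.Pbkdf2(password, salt, KeyDerivationPrf.HMACSHA1, Iterations, HashBytes);

    // Create account: returns "salt.hash" (both Base64) to store in a single column.
    public static string Hash(string password)
    {
        byte[] salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
        return Convert.ToBase64String(salt) + "." + Convert.ToBase64String(Derive(password, salt));
    }

    // Authenticate: re-derive with the stored salt, then compare the two hashes.
    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split('.');  // '.' never occurs in Base64 output
        if (parts.Length != 2) return false;

        byte[] salt, expected;
        try
        {
            salt = Convert.FromBase64String(parts[0]);
            expected = Convert.FromBase64String(parts[1]);
        }
        catch (FormatException)
        {
            return false;  // malformed record: reject instead of throwing
        }
        if (salt.Length != SaltBytes || expected.Length != HashBytes) return false;

        // Fixed-time comparison avoids leaking how many leading bytes matched.
        return CryptographicOperations.FixedTimeEquals(Derive(password, salt), expected);
    }
}
```

Calling `PasswordHasher.Hash` twice on the same password yields two different strings because each call draws a fresh salt, while `PasswordHasher.Verify` succeeds for both because it reads the salt back from the stored value.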
