c# - Sanity Check: Salt and hashed passwords -
I had an idea about hashed passwords and salt values, because I'm new to hansing and encryption, so I thought I'll post it to you. Will it be more secure to generate a unique salt for each user account, then store the salt and hashed values in the database? Or, whenever I've saved a password, keep a single salt value securely stored and reused?
For example, a user will use the password:
"secret"
My code will generate a salt value:
"d1d0e3d4b3d1ed1598a4e77bb614750a2a175e"
the results obtained to hash:
Any thoughts? Like I said, this is a prudent investigation on my mind.
< / Div>
Collecting a unique salt per user is a good idea in my opinion to regenerate the salt / hash combination The time the user logs in, it is a little redundant as long as you have Eepiu cycle does not burn. I recommend using something like a class to generate a safe salt / hash combo:
A simple example of creating a password with a hash:
String password = gatepad formconfig (); (Var deriveBytes = new Rfc2898 using derivatives (password, 32)) / 32-byte salt {byte] salt = deriveBytes.Salt; Byte [] hash = derivative bytes.getbites (32); // 32-byte hash SaveToDatabase (salt, hash); }
and related to a password check:
string password = GetPasswordFromInput (); Byte [] Salt = GetSaltFromDatabase (); Byte [Hash = GetHashFromDatabase (); (If deriveBytes.GetBytes (32) .equenceEqual (hash)) console using Var deriveBytes = new Rfc2898DeriveBytes (password, salt)). WriteLine ("Password matches"); And throw new exceptions ("bad password"); }
Comments
Post a Comment