0

I have a table with usenames, hashed password and their salts, now in my application I want to verif the plain password with hashed one below is what I tried but does not generate the same hash, please suggest how can I solve this problem.

byte[] bIn = Encoding.Unicode.GetBytes(Password);
byte[] bSalt = Convert.FromBase64String(SaltValue);
byte[] bAll = new byte[bSalt.Length + bIn.Length];

Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length);
Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length);

HMACSHA256 s = new HMACSHA256();

return Convert.ToBase64String(s.ComputeHash(bAll));
Syed Waqas
  • 862
  • 2
  • 9
  • 29

1 Answers1

2

You should create one method to hash a password with a salt. Then use this method to encrypt the initial password. If you reuse this method verifying the password afterwards it will always match.

Make sure you retrieved the correct salt from your database for the account.

JMan
  • 2,611
  • 3
  • 30
  • 51
  • actually the password are already hashed from an ASP.NET MVC 4 default algorithm type i.e. HMACSHA256, now I am developing another application using the same database and login details – Syed Waqas Jun 18 '13 at 13:46
  • You should get your hands on the Hashing algorithm code. It will probably be slightly different then your. Or maybe you can ask them to provide the algorithm in an API – JMan Jun 18 '13 at 13:48
  • http://stackoverflow.com/questions/1300890/md5-hash-with-salt-for-keeping-password-in-db-in-c-sharp a link with an other algorithm – JMan Jun 18 '13 at 13:51
  • I have the that project as well they are using the membership default hashing algorithm which would be as I said HMACSHA256 that is the default one for mvc 4 if no one is specified as far as I know – Syed Waqas Jun 18 '13 at 13:52