I could barely find any good hash+salt guide specific to ASP.NET MVC. So far I have managed to hash my password and store it in the database (upon registration). For login, I hash the user's input and check whether it's the same hash value as in the db.

```csharp
Password = HashPass(input.Password).ToString();
```

I use the following method to hash the password, which I later store in the db.

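```csharp
// Requires: using System; using System.Security.Cryptography; using System.Text;
public string HashPass(string password)
{
    // UTF-8 bytes of the password, hashed once with MD5 (no salt)
    byte[] encodedPassword = new UTF8Encoding().GetBytes(password);
    byte[] hash = ((HashAlgorithm)CryptoConfig.CreateFromName("MD5")).ComputeHash(encodedPassword);

    // Lowercase hex string without the dashes BitConverter inserts
    string encoded = BitConverter.ToString(hash)
        .Replace("-", string.Empty)
        .ToLower();

    return encoded;
}
```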

Now to salts: what are they really? How do they work? How do I combine a salt with my solution?

Any help is much appreciated.

Nyprez
  • [This article](https://crackstation.net/hashing-security.htm) is worth reading. –  Oct 04 '16 at 10:30
  • @StephenMuecke If I understood it correctly, you hash the password, salt it (like another layer of "random-hash" which makes it unique and very difficult to break). Now upon login, you use the salt to "un-salt" the hash -> compare the hashed password with hashed input? – Nyprez Oct 04 '16 at 10:52
  • @StephenMuecke Thanks for the article, but is there any good code example? I checked the code example within that article but I couldn't tell which was hash and salt. – Nyprez Oct 04 '16 at 10:55
  • The article includes the link to [this code](https://github.com/defuse/password-hashing) - refer to the `PasswordStorage.cs` file –  Oct 04 '16 at 11:19
  • @StephenMuecke Thanks, I will look into it. Are hash+salt methods usually that long (almost 200 lines)? – Nyprez Oct 04 '16 at 17:26

0 Answers