0

I've had a look around around SO and found some useful info on using a hash, but not actually any information on how to use it with the StreamWriter function in C#.

The code I used from SO was the code I found here: How to hash a password - Christian Gollhardt

CODE

 private void Accept_Click(object sender, EventArgs e)
    {
        usrpass = usrpassTextbox.Text.ToString();
        usrid = usridTextbox.Text.ToString();

            if (FileExists() == true)
                {
                if (DialogResult.OK == MessageBox.Show("This user already exists, overwrite?", "Warning", MessageBoxButtons.OKCancel))
                    {
                    using (StreamWriter streamWriter = new StreamWriter(usrid + ".txt"))
                    { 
                        streamWriter.WriteLine(usrpass);
                        MessageBox.Show(id + "'s password has been saved");
                    }
                    }
                }
            else
            {
                using (StreamWriter streamWriter = new StreamWriter(usrid + ".txt"))
                    streamWriter.WriteLine(usrpass);
                MessageBox.Show(id + " " + "'s password has been saved");
            }
        }
    }

Also I am considering putting the saving into a method to reduce code, I know there's no point in writing it out twice.

Desired Outcome

I would like the password that is being written to the .txt file to be hashed, if this is hashed, will the user still be able to login when I write a bit of code that checks if the user's txt file exists, then reads it for the password?

Will I have to unhash it?

As of yet, I have the code I borrowed from Christian but not sure how to use it to hash the usrpassbefore it is written to file

Community
  • 1
  • 1
Danny Watson
  • 165
  • 5
  • 24
  • You can't *unhash* since hashing is *one way* only. You have to compare hashes (password's hash and user input's one) – Dmitry Bychenko Dec 30 '16 at 22:14
  • I see, is this common-folk friendly? As in - would a user have to save a given hash in order to successfully log in? – Danny Watson Dec 30 '16 at 22:14
  • I found this thread interesting on hashing: http://security.stackexchange.com/questions/11717/why-are-hash-functions-one-way-if-i-know-the-algorithm-why-cant-i-calculate-t – lonious Dec 30 '16 at 22:18
  • You cant unhash it - thats the point of hashing. Convert the PBKDF2 result (better than MD5) to a base64 string if you are saving to a text file. Then to log in or whatever you are doing, ask for the PW, hash it and see if the hashes match (after converting the B64 back to bytes). I have no idea how you plan to track multiple users/pws in one file – Ňɏssa Pøngjǣrdenlarp Dec 31 '16 at 00:35
  • Plutonix - each user has a seperate file according to their ID – Danny Watson Dec 31 '16 at 15:46

1 Answers1

1
public static string CreateMD5(string input)
    {
        // Use input string to calculate MD5 hash
        using (System.Security.Cryptography.MD5 md5 = System.Security.Cryptography.MD5.Create())
        {
            byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(input);
            byte[] hashBytes = md5.ComputeHash(inputBytes);

            // Convert the byte array to hexadecimal string
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < hashBytes.Length; i++)
            {
                sb.Append(hashBytes[i].ToString("X2"));
            }
            return sb.ToString();
        }
    }

...

 usrpass = CreateMD5(usrpassTextbox.Text.ToString());
Flash Thunder
  • 11,672
  • 8
  • 47
  • 91