-1

I am trying to build an application where security and encryption are a high concern.

I am using Visual Studio 2022 and VB.NET 6.0 (I have searched for 3 days now and couldn't find a suitable solution; all that I found is related to a different version of .NET and NOT Visual Studio 2022).

UPDATE: 16/5/2022

I updated my question to be more related to what I really need; which is hashing the password.

Thank you

Guru
  • 2
    Firstly, you're not using VB 6.0. VB6 was the last version of COM-based VB, before .NET was a thing. You're using VB 2022, which is VB 17 if you want version numbers instead of years. .NET 6 does not mean VB6. – user18387401 May 05 '22 at 11:55
  • As for the question, nothing you have seen is outdated. Hashing hasn't changed. It's done now how it was done years ago. If what you're doing works then it's fine. Nothing to see here. – user18387401 May 05 '22 at 11:56
  • 2
    Note that the salt is usually random bytes stored with the hashed password. That way, the same password will produce different hashes for different people. – user18387401 May 05 '22 at 11:58
  • @user18387401 What I mean by my question is not whether hashing has changed; I mean which hashing is the latest and most secure? For example, there is a debate that MD5 is recoverable by rainbow attack and brute force if someone acquires the DB. So is SHA512 enough, or which is the best? Some VB.NET 6 code reference is appreciated. I fixed the subject line to VB.NET 6. Thank you – Guru May 05 '22 at 13:31
  • 1
    There are also many references for **BCRYPT, SCRYPT, PBKDF2, and Argon2**. Which one do I really need for the most security? I am confused. [Reference](https://stackoverflow.com/questions/116684/what-algorithm-should-i-use-to-hash-passwords-into-my-database) – Guru May 05 '22 at 13:52

1 Answer

-1

This solution worked for me like a charm:

```vb
Imports System.Security.Cryptography
Imports System.Text

Public Module hashing
    ' Hash a password with SHA-512 and return it as a hexadecimal string.
    Public Function PWDhash(ByVal password As String) As String
        Using sha512Hash As SHA512 = SHA512.Create()
            Return GetHash(sha512Hash, password)
        End Using
    End Function

    Private Function GetHash(ByVal hashAlgorithm As HashAlgorithm, ByVal input As String) As String

        ' Convert the input string to a byte array and compute the hash.
        Dim data As Byte() = hashAlgorithm.ComputeHash(Encoding.UTF8.GetBytes(input))

        ' Create a new StringBuilder to collect the bytes
        ' and create a string.
        Dim sBuilder As New StringBuilder()
        ' Loop through each byte of the hashed data
        ' and format each one as a hexadecimal string.
        For i As Integer = 0 To data.Length - 1
            sBuilder.Append(data(i).ToString("x2"))
        Next
        ' Return the hexadecimal string.
        Return sBuilder.ToString()
    End Function

    ' Verify a hash against a string.
    Public Function VerifyHash(hashAlgorithm As HashAlgorithm, input As String, hash As String) As Boolean
        ' Hash the input.
        Dim hashOfInput As String = GetHash(hashAlgorithm, input)
        ' Create a StringComparer and compare the hashes.
        Dim comparer As StringComparer = StringComparer.OrdinalIgnoreCase
        Return comparer.Compare(hashOfInput, hash) = 0
    End Function
End Module
```

This is how to hash:

```vb
Dim HashedPWD As String = PWDhash("password here")
```

This is how to verify:

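```vb
' VerifyHash needs a HashAlgorithm instance; create one here because sha512Hash is local to PWDhash.
Dim IsPWDCorrect As Boolean = VerifyHash(SHA512.Create(), "password here", "password hash from DB")
```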

I also created a function to force the user to choose a complex password.

It works on VB.Net Core 6.0

The length of the hash is 128 Byte.

This is an example output:

708ed38ae70f96bc7dcb58515ab328614eaf3b41402de0c50e60ba0f56be5efc6f6daf0b226ec238c3dcaff182e466a1e12df1cadd4e62e6a8c197355b1edc4e

Guru