How Can I Securely Hash and Salt Passwords in C#?

The method of safe dissipation and salt passwords in C#

Introduction

Password security is crucial in any software application. Loltation and salt are two key technologies for protecting passwords that are not leaked.

Davidhayden code: Basic extensions and salt

Davidhayden's code fragment provides basic implementation of password dissipates and salt. It uses FormsAuthentication classes to scatter the password in order to store it in the configuration file. However, for binary BLOBs such as extension and salt, the conversion between string is considered unnecessary.

Alternative C# Method: Advanced extension and salt

The following improvement methods from "Beginning ASP.NET Security" include some enhancement functions:

This method uses a safer SHA256 algorithm and performs scatters on byte array instead of string. It also ensures that the salt of each password is unique.

<code class="language-csharp">static byte[] GenerateSaltedHash(byte[] plainText, byte[] salt)
{
  HashAlgorithm algorithm = new SHA256Managed();

  byte[] plainTextWithSaltBytes = 
    new byte[plainText.Length + salt.Length];

  for (int i = 0; i < plainText.Length; i++)
  {
    plainTextWithSaltBytes[i] = plainText[i];
  }
  for (int i = 0; i < salt.Length; i++)
  {
    plainTextWithSaltBytes[plainText.Length + i] = salt[i];
  }

  byte[] hash = algorithm.ComputeHash(plainTextWithSaltBytes);

  return hash;
}</code>

Other precautions

The text can be converted to byte array.

Shadles can be converted to string with

and use
• to convert the byte array. Encoding.UTF8.GetBytes(string)
Equal comparison between byte array should be carried out by cycling and verification of each byte.
• Convert.ToBase64String Salt should not be reused, and it should be stored with the laid password. Convert.FromBase64String

The above is the detailed content of How Can I Securely Hash and Salt Passwords in C#?. For more information, please follow other related articles on the PHP Chinese website!