Everyone executes hash and SALT operations must be unfamiliar. Two Visual Studio Enterprise Examples are used by this method to encrypt this method. In combination with the sample code, I summarized a class that contains a static method such as encryption and compares the password. Instructions for use: First use the Hashandsalt method to encrypt the password and store it in the database. When using the ComparePasswords method when the user logs in, the password input to the user is stored in the database when registering the user, determining whether the password entered by the user is correct.
Credentials.cs
Using system;
Using system.io;
Using system.text;
Using system.security.cryptography;
Namespace bookstore.common
{
///
A summary description of /// Credentials.
/// Principle:
/// Execute a hash operation for your password
// / To avoid storage password in a clear text, a common security approach is to perform a hash operation for your password. As shown in the following code, use System.Security.cryptography namespace (which implement 160-bit SHA-1 standard) has a hash operation. For more information, see SHA1 members.
/// Execute the SALT operation for the hash
/// Although a good start of the password is executed, the SALT operation can be performed on the password hashing to increase the security of the potential attack. SALT is a random number inserted into the password that has executes the hash operation. This strategy helps prevent potential attackers from using pre-calculated dictionary attacks. Dictionary attack is an attacker to use all possible combinations of the key to crack the password attack. When you use the SALT value to further randomize the hash operation, the attacker will need to create a dictionary for each SALT value, which will make the attack very complicated and cost is extremely high.
/// SALT value is stored with the salap and has not been encrypted. The stored SALT value can then be used for password verification.
///
Public Class Credentials, PUBLIC CLASS CREDENTIALS
{
Private static string key = "! 48% 0D-f = CJ>, S & 2"; // key (increasing password complexity, it seems to be more than)
Private const Int saltlength = 4; // Define the length of the SALT value
///
/// Hash and SALT for the password
///
/// Password entered by
///
Public static Byte [] Hashandsalt (String Password)
{
Return Createdbpassword (hashpassword (password));
}
///
/// With the password entered by the user, add the key KEY to the SHA1 hash
///
/// Password entered by
///
Private static Byte [] HashPassword (String Password)
{
// Create SHA1 Object Example SHA1SHA1 SHA1 = Sha1.Create ();
/ / Calculate the hash value of the input data
Return Sha1.computehash (Encoding.uitode.getbytes (Password Key));
}
///
/ / / Compare the password in the database and whether the password entered is the same
///
/// password in the database
/// Password entered by
///
Public Static Bool ComparePasswords (Byte [] StoredPassword, String Password)
{
// First, the password entered by the user is HASH hashing.
Byte [] HashedPassword = HashPassword (Password);
IF (StoredPassword == Null || Hashedpassword == Null || HashedPassword.Length! = storedpassword.length - saltlength)
{
Return False;
}
/ / Get the SALT value of the password in the database, the last 4 bytes of the password in the database are SALT values
Byte [] SaltValue = New byte [Saltlength];
Int saltoffset = storedpassword.length - saltlength;
For (int i = 0; i SaltValue [i] = storedpassword [Saltoffset i]; } // The password user entered by the user entered the password plus the SALT value, performing SALT Byte [] SaltedPassword = CreateSaltedPassword (SaltValue, Hashedpassword); / / Compare the password in the database and the SALT user input password is equal Return CompareByteaRray (StoredPassword, SaltedPassword); } /// /// Compare two ByTearRay, see if it is equal /// /// /// /// Private static bool comparebyteaRray (byte [] array1, byte [] array2) { IF (array1.length! = array2.length) { Return False; } For (int i = 0; I { IF (array1 [i]! = array2 [i]) { Return False; } } Return True; } /// /// /// HASH hash password without SALT operation /// Private static byte [] createdbpassword (byte [] unsaltedpassword) { // Get the SALT value Byte [] SaltValue = New byte [Saltlength]; RNGCRYPTOSERVICEPROVIDER RNG = New RNGCRYPTOSERVICEPROVIDER (); RNG.GETBYTES (SALTVALUE); Return CreateSaltedPassword (SaltValue, Unsaltedpassword); } /// /// Create a password through the SALT /// /// SALT value /// HASH hash password without SALT operation /// Private static Byte [] CreateSaltedPassword (byte [] SaltValue, Byte [] unsaltedpassword { // Adding the SALT value group to the HASH hasoflive number after the rawsalted array Byte [] rawsalted = new byte [unsaltedpassword.length saltvalue.length]; Unsaltedpassword.copyto (rawsalted, 0); Saltvalue.copyto (rawsalted, unsaltedpassword.length); // The merged Rawsalted array is then the SALTEDPassword array (length 20 bytes) SHA1 sha1 = sha1.create (); Byte [] saltedpassword = sha1.computehash (rawsalted); // Touch the SALT value group after adding to the saltedpassword array (length 24 bytes) Byte [] dbpassword = new byte [SaltedPassword.Length SaltValue.Length]; Saltedpassword.copyto (dbpassword, 0); SaltValue.copyto (dbpassword, saltedpassword.length); Return dbpassword; } } }
