Adding salt and hash to button click?
Hello
I have a plain password (chosen by the user when registering) stored in a column called 'password' in an MS Access database. I also have other columns called username, strEmail, and Hash.
I understand that I now need to generate a long random number and then add that number to the plain password in order to 'salt' it and replace the plain password in the password column. This value should now be hashed and stored in the Hash column.
Code:
Imports System
Imports System.Object
Imports System.IO
Imports System.Text
Imports System.Data.OleDb
Imports System.Security.Cryptography
Imports System.Security.Cryptography.RandomNumberGenerator
Imports System.Security.Cryptography.RNGCryptoServiceProvider

Partial Class register
    Inherits System.Web.UI.Page

    ' Returns 32 bytes from the cryptographic RNG, Base64-encoded.
    Public Function GetSalt() As String
        Dim saltSize = 32
        Dim Salt As RNGCryptoServiceProvider = New RNGCryptoServiceProvider()
        Dim randomBytes(saltSize - 1) As Byte
        Salt.GetBytes(randomBytes)
        Return Convert.ToBase64String(randomBytes)
    End Function

    ' Returns the Base64-encoded SHA-512 hash of the salt followed by the password.
    Public Function HashedPassword(ByVal Salt As String, ByVal providedPassword As String) As String
        Dim passWithSalt = String.Concat(Salt, providedPassword)
        Dim rawPasswordData() As Byte = Encoding.UTF8.GetBytes(passWithSalt)
        Dim SHA512 As New SHA512CryptoServiceProvider()
        Dim resultingHash As Byte() = SHA512.ComputeHash(rawPasswordData)
        Return Convert.ToBase64String(resultingHash)
    End Function
I would be grateful for advice as to what I now add to the button click which, at present, looks like this:
Code:
    ' Current handler: inserts the password exactly as typed; no salt or hash yet.
    Protected Sub btnReg_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnReg.Click
        Using conn As OleDbConnection = New OleDbConnection(System.Configuration.ConfigurationManager.ConnectionStrings("students").ConnectionString)
            Dim Sql As String = "INSERT INTO university (username,[password],strEmail) VALUES (@username,@password,@strEmail)"
            Dim cmd As New OleDbCommand(Sql, conn)
            conn.Open()
            cmd.Parameters.AddWithValue("@username", username.Text)
            cmd.Parameters.AddWithValue("@password", password.Text)
            cmd.Parameters.AddWithValue("@strEmail", strEmail.Text)
            cmd.ExecuteNonQuery()
            conn.Close()
        End Using
    End Sub
Thank you.
Steve
Re: Adding salt and hash to button click?
well, first add the hash field to the SQL, including a parameter for it.
Then make a call to the GetSalt function and store the result in a variable.
Call HashedPassword, passing it the password from the user and the salt you generated. Store the result from that in a variable as well.
change the add with value for the password to use the salt instead.
add the hashed value parameter
Boom! Bob's your uncle.
-tg
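The steps listed in the reply above, put together as an added example (not code from the thread). It keeps the thread's table and column names, stores the salt in [password] and the derived value in Hash, and swaps the single SHA-512 pass for PBKDF2 via Rfc2898DeriveBytes. The module name PasswordStore, the Register and VerifyPassword helpers and the iteration count are assumptions.

```vbnet
Imports System
Imports System.Data.OleDb
Imports System.Security.Cryptography

' Hypothetical helper module; call it from btnReg_Click with:
'   PasswordStore.Register(connStr, username.Text, password.Text, strEmail.Text)
Public Module PasswordStore
    Private Const Iterations As Integer = 100000 ' assumed work factor; tune for your server

    ' Random per-user salt, Base64 text so it fits a text column.
    Public Function GetSalt() As String
        Dim bytes(31) As Byte
        Using rng As New RNGCryptoServiceProvider()
            rng.GetBytes(bytes)
        End Using
        Return Convert.ToBase64String(bytes)
    End Function

    ' PBKDF2 in place of one SHA-512 pass. This constructor uses HMAC-SHA1;
    ' .NET Framework 4.7.2+ has an overload that takes a HashAlgorithmName.
    Public Function HashedPassword(ByVal salt As String, ByVal providedPassword As String) As String
        Using kdf As New Rfc2898DeriveBytes(providedPassword, Convert.FromBase64String(salt), Iterations)
            Return Convert.ToBase64String(kdf.GetBytes(32))
        End Using
    End Function

    Public Sub Register(ByVal connStr As String, ByVal username As String, ByVal plainPassword As String, ByVal email As String)
        Dim salt As String = GetSalt()
        Dim hash As String = HashedPassword(salt, plainPassword)
        Dim sql As String = "INSERT INTO university (username,[password],strEmail,[Hash]) VALUES (@username,@password,@strEmail,@Hash)"
        Using conn As New OleDbConnection(connStr), cmd As New OleDbCommand(sql, conn)
            ' OleDb binds parameters by position, so add them in column order.
            cmd.Parameters.AddWithValue("@username", username)
            cmd.Parameters.AddWithValue("@password", salt) ' the salt, never the plain text
            cmd.Parameters.AddWithValue("@strEmail", email)
            cmd.Parameters.AddWithValue("@Hash", hash)
            conn.Open()
            cmd.ExecuteNonQuery()
        End Using
    End Sub

    ' Login check: recompute from the stored salt and compare without an early exit.
    Public Function VerifyPassword(ByVal salt As String, ByVal storedHash As String, ByVal attempt As String) As Boolean
        Dim expected As Byte() = Convert.FromBase64String(storedHash)
        Dim actual As Byte() = Convert.FromBase64String(HashedPassword(salt, attempt))
        Dim diff As Integer = expected.Length Xor actual.Length
        For i As Integer = 0 To Math.Min(expected.Length, actual.Length) - 1
            diff = diff Or (expected(i) Xor actual(i))
        Next
        Return diff = 0
    End Function
End Module
```

At login, read [password] (the salt) and Hash for the submitted username and pass them to VerifyPassword together with the typed password.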
Re: Adding salt and hash to button click?
Many thanks for your reply, tg.
Let me try it and I'll post back.
Thanks!
Re: Adding salt and hash to button click?
Thanks for that tg.
I'll try it and post back.
Steve
Re: Adding salt and hash to button click?
Hello tg
I have added the hash field to the SQL, but when adding a parameter for it I get the following:
Attachment 160177
When I add System.Security.Policy as a namespace, I get the following: 'Hash is not a member'.
Are there any other options I should be trying in the Correction Suggestions box that appears?
Thanks again
Steve