dcsimg
Results 1 to 5 of 5

Thread: Adding salt and hash to button click?

  1. #1

    Thread Starter
    Hyperactive Member
    Join Date
    Jun 2014
    Posts
    416

    Adding salt and hash to button click?

    Hello

    I have a plain password (chosen by the user when registering) stored in a column called 'password' in a MS Access database. I also have other columns called username,strEmail, and Hash.

    I understand that I now need to generate a long random number and then add that number to the plain password in order to 'salt' it and replaces the plain password in the password column. This value should now be hashed and stored in the Hash column.

    Code:
    Imports System
    Imports System.Object
    Imports System.IO
    Imports System.Text
    Imports System.Security.Cryptography
    Imports System.Security.Cryptography.RandomNumberGenerator
    Imports System.Security.Cryptography.RNGCryptoServiceProvider
    
    Partial Class register
        Inherits System.Web.UI.Page
    
     Public Function GetSalt() As String
            Dim saltSize = 32
            Dim Salt As RNGCryptoServiceProvider = New RNGCryptoServiceProvider()
            Dim randomBytes(saltSize - 1) As Byte
            Salt.GetBytes(randomBytes)
            Return Convert.ToBase64String(randomBytes)
        End Function
    
        Public Function HashedPassword(ByVal Salt As String, ByVal providedPassword As String) As String
            Dim passWithSalt = String.Concat(Salt, providedPassword)
            Dim rawPasswordData() As Byte = Encoding.UTF8.GetBytes(passWithSalt)
            Dim SHA512 As New SHA512CryptoServiceProvider()
            Dim resultingHash As Byte() = SHA512.ComputeHash(rawPasswordData)
            Return Convert.ToBase64String(resultingHash)
        End Function
    I would be grateful for advice as to what I now add to the button click which, at present, looks like this:

    Code:
    Protected Sub btnReg_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnReg.Click
          
                Using conn As OleDbConnection = New OleDbConnection(System.Configuration.ConfigurationManager.ConnectionStrings("students").ConnectionString)
    
                    Dim Sql As String = "INSERT INTO university (username,[password],strEmail,) VALUES (@username,@password,@strEmail,)"
    
                    Dim cmd As New OleDbCommand(Sql, conn)
    
                    conn.Open()
    
                    cmd.Parameters.AddWithValue("@username", username.Text)
                    cmd.Parameters.AddWithValue("@password", password.Text)
                    cmd.Parameters.AddWithValue("@strEmail", strEmail.Text)
                   
                    cmd.ExecuteNonQuery()
    
                    conn.Close()
    
               End Using
    End Sub
    Thank you.

    Steve

  2. #2
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    31,836

    Re: Adding salt and hash to button click?

    well, first add the hash field to the SQL, including a parameter for it.
    Then make a call to the GetSalt function and store the result in a variable.
    Call HashedPassword, passing it the password from the user and the salt you generated. Store the resuilt from that in a variable as well.
    change the add with value for hte password to use the salt instead.
    add the hashed value parameter
    Boom! Bob's your uncle.

    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

  3. #3

    Thread Starter
    Hyperactive Member
    Join Date
    Jun 2014
    Posts
    416

    Re: Adding salt and hash to button click?

    Many thanks for your reply, tg.

    Let me t6ry it and I'll post back.

    Thanks!

  4. #4

    Thread Starter
    Hyperactive Member
    Join Date
    Jun 2014
    Posts
    416

    Re: Adding salt and hash to button click?

    Thanks for that tg.

    I'll try it and post back.

    Steve

  5. #5

    Thread Starter
    Hyperactive Member
    Join Date
    Jun 2014
    Posts
    416

    Re: Adding salt and hash to button click?

    Hello tg

    I have added the hash field to the SQL, but when adding a parameter for it I get the following:

    Name:  Tech.jpg
Views: 26
Size:  34.7 KB

    When I add System.Security.Policy as a namespace, I get the following: 'Hash is not a member'.

    Are there any other options I should be trying in the Correction Suggestions box that appears?

    Thanks again

    Steve

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width