Can someone tell me how salting works? I get stuck when adding more info to the data.
Assuming you are salting passwords:
1. User registers and provides a password.
2. You convert the password to binary form, i.e. a Byte array, using Encoding.GetBytes.
3. You generate some random binary data, i.e. the salt, using an RNGCryptoServiceProvider.
4. You append the salt to the binary password and hash it.
5. You store the user's login name, hashed password and the salt in the database.
6. When the user logs in you retrieve the hashed password and the salt for the specified login name.
7. You then convert the password used to login to binary, append the salt and hash the result.
8. Finally, you compare the new hash with the hash in the database. If they match the user is authenticated, otherwise not.
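
The eight steps above as one C# program. This is an added example, not code from the original post. It assumes SHA-256 as the hash and UTF-8 as the encoding (the post names neither) and uses `RandomNumberGenerator.Create()`, the base class of `RNGCryptoServiceProvider`; `SaltedPasswordDemo`, `HashWithSalt`, `NewSalt` and `SameHash` are illustrative names.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SaltedPasswordDemo
{
    // Steps 2 and 4: password bytes followed by the salt, then hashed.
    // SHA-256 is an assumption; the post does not name a hash algorithm.
    static byte[] HashWithSalt(string password, byte[] salt)
    {
        byte[] pwd = Encoding.UTF8.GetBytes(password);
        byte[] input = new byte[pwd.Length + salt.Length];
        Buffer.BlockCopy(pwd, 0, input, 0, pwd.Length);
        Buffer.BlockCopy(salt, 0, input, pwd.Length, salt.Length);
        using (SHA256 sha = SHA256.Create())
            return sha.ComputeHash(input);
    }

    // Step 3: a fresh random salt for each user, from the crypto RNG.
    static byte[] NewSalt(int size = 16)
    {
        byte[] salt = new byte[size];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        return salt;
    }

    // Step 8: compare every byte instead of stopping at the first mismatch.
    static bool SameHash(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static void Main()
    {
        // Registration (steps 1-5): these two values are stored in the user's row.
        byte[] storedSalt = NewSalt();
        byte[] storedHash = HashWithSalt("correct horse", storedSalt); // constructed sample password

        // Login (steps 6-8): hash the submitted password with the STORED salt.
        Console.WriteLine(SameHash(HashWithSalt("correct horse", storedSalt), storedHash));
        Console.WriteLine(SameHash(HashWithSalt("wrong guess", storedSalt), storedHash));
        // Leaving out the stored salt at login (here: using a new one) can never match.
        Console.WriteLine(SameHash(HashWithSalt("correct horse", NewSalt()), storedHash));
    }
}
```

Only the first comparison succeeds. A single SHA-256 pass is fast to brute-force, so for stored passwords .NET's `Rfc2898DeriveBytes` (PBKDF2) is the usual replacement for `HashWithSalt`: it takes the same per-user salt plus an iteration count.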
Oh, thanks. The tut I just read missed salting again before comparing.