how does salting a md5 work on a data base

**WhatAmIDoing** · Aug 26th, 2009, 12:46 AM

can someone tell me how salting works. i get stuck when adding more info to the data.

**jmcilhinney** · Aug 26th, 2009, 12:55 AM

Assuming you are salting passwords:

1. User registers and provides a password.
2. You convert the password to binary form, i.e. a Byte array, using Encoding.GetBytes.
3. You generate some random binary data, i.e. the salt, using an RNGCryptoServiceProvider.
4. You append the salt to the binary password and hash it.
5. You store the user's login name, hashed password and the salt in the database.
6. When the user logs in you you retrieve the hashed password and the salt for the specified login name.
7. You then convert the password used to login to binary, append the salt and hash the result.
8. Finally, you compare the new hash with the hash in the database. If they match the user is authenticated, otherwise not.

**WhatAmIDoing** · Aug 26th, 2009, 01:06 AM

oh. thanks. the tut i just read missed salting again before compareing

Thread: how does salting a md5 work on a data base

Thread Tools

Display

how does salting a md5 work on a data base

Re: how does salting a md5 work on a data base

Re: how does salting a md5 work on a data base

Posting Permissions