comparing salt and hashed passwords during login doesn't seem work right....

Posted by Pandiya Chendur on Stack Overflow See other posts from Stack Overflow or by Pandiya Chendur
Published on 2010-05-19T06:35:26Z Indexed on 2010/05/19 6:40 UTC
Read the original article Hit count: 262

Filed under:

asp.net-mvc

|

hash

|

salt

|

password

|

comparison

I stored salt and hash values of password during user registration... But during their login i then salt and hash the password given by the user, what happens is a new salt and a new hash is generated....

string password = collection["Password"];
reg.PasswordSalt = CreateSalt(6);
reg.PasswordHash = CreatePasswordHash(password, reg.PasswordSalt);

These statements are in both registration and login....

salt and hash during registration was eVSJE84W and 18DE22FED8C378DB7716B0E4B6C0BA54167315A2

During login it was 4YDIeARH and 12E3C1F4F4CFE04EA973D7C65A09A78E2D80AAC7..... Any suggestion....

    public static string CreateSalt(int size)
    {
        //Generate a cryptographic random number.
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        byte[] buff = new byte[size];
        rng.GetBytes(buff);

        // Return a Base64 string representation of the random number.
        return Convert.ToBase64String(buff);
    }

    public static string CreatePasswordHash(string pwd, string salt)
    {
        string saltAndPwd = String.Concat(pwd, salt);
        string hashedPwd =
         FormsAuthentication.HashPasswordForStoringInConfigFile(
         saltAndPwd, "sha1");

        return hashedPwd;
    }

© Stack Overflow or respective owner

Related posts about asp.net-mvc

Migrating ASP.NET MVC 1.0 applications to ASP.NET MVC 2 RTM

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Note: ASP.NET MVC 2 RTM isn’t yet released! But this tool will help you get your ASP.NET MVC 1.0 applications ready for when it is! I have updated the MVC App Converter to convert projects from ASP.NET MVC 1.0 to ASP.NET MVC 2 RTM. This should be last the last major change to the MVC App Converter… >>> More
ASP.NET MVC 3 Hosting :: New Features in ASP.NET MVC 3

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
Razor View Engine The Razor view engine is a new view engine option for ASP.NET MVC that supports the Razor templating syntax. The Razor syntax is a streamlined approach to HTML templating designed with the goal of being a code driven minimalist templating approach that builds on existing C#, VB… >>> More
PathTooLongException after migrating from ASP.NET MVC 1 to ASP.NET MVC 2

as seen on Stack Overflow - Search for 'Stack Overflow'
I had updated my app from MVC 1 to MVC 2. After that some pages throws PathTooLongException: [PathTooLongException: The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters.] … >>> More
Differece between Asp.net MVC 1 and Asp.net MVC 2

as seen on Stack Overflow - Search for 'Stack Overflow'
what is differece between Asp.net MVC 1 and Asp.net MVC 2? >>> More
Top 5 reasons for using ASP.NET MVC 2 rather than ASP.NET MVC 1

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been using ASP.NET MVC 1 for a while now, and am keen to take advantage of the improvements in MVC 2. Things like validation seem greatly improved, and strongly-typed HTML helper methods look great. So, for those of you who have real-world practical experience of using ASP.NET MVC 1 and are… >>> More

Related posts about hash

Problem with hash function: hash(1) == hash(1.0)

as seen on Stack Overflow - Search for 'Stack Overflow'
I have an instance of dict with ints, floats, strings as keys, but the problem is when there are a as int and b as float, and float(a) == b, then their hash values are the same, and thats what I do NOT want to get because I need unique hash vales for this cases in order to get corresponding values… >>> More
Hash table vs Hash list vs Hash tree?

as seen on Stack Overflow - Search for 'Stack Overflow'
What property makes Hash table, Hash list and Hash tree different from each other? Which one is used when? When is table superior than tree. >>> More
Constructing a hash table/hash function.

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I would like to construct a hash table that looks up keys in sequences (strings) of bytes ranging from 1 to 15 bytes. I would like to store an integer value, so I imagine an array for hashing would suffice. I'm having difficulty conceptualizing how to construct a hash function such that given… >>> More
Hash of unique value = unique hash?

as seen on Stack Overflow - Search for 'Stack Overflow'
Theoretically does hashing a unique value yield a unique value? Let's say I have a DB table with 2 columns: id and code. id is an auto-incrementing int and code is a varchar. If I do ... $code = sha1($id); ... and then store $code into the same row as $id. Will my code column be unique as well… >>> More
EMERGENCY - Major Problems After Perl Module Installed via WHM

as seen on Stack Overflow - Search for 'Stack Overflow'
I attempted to install the perl module Net::Twitter::Role::API::Lists using WHM and after doing so my whole site came down. It seems that something that was updated with the install isn't functioning correctly and since our website it written in Perl none of our site scripts will run. In almost 8… >>> More