Asp.net membership salt?

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by chobo2 on Stack Overflow See other posts from Stack Overflow or by chobo2
Published on 2009-08-12T18:26:51Z Indexed on 2011/01/06 4:53 UTC
Read the original article Hit count: 270

Filed under:
|
|
|
|

Hi

Does anyone know how Asp.net membership generates their salt key and then how they encode it(ie is it salt + password or password + salt)?

I am using sha1 with my membership but I would like to recreate the same salts so the built in membership stuff could hash the stuff the same way as my stuff can.

Thanks

Edit 2

Never Mind I mis read it and was thinking it said bytes not bit. So I was passing in 128 bytes not 128bits.

Edit

I been trying to make it so this is what I have

  public string EncodePassword(string password, string salt)
        {
            byte[] bytes = Encoding.Unicode.GetBytes(password);
            byte[] src = Encoding.Unicode.GetBytes(salt);
            byte[] dst = new byte[src.Length + bytes.Length];

            Buffer.BlockCopy(src, 0, dst, 0, src.Length);
            Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);

            HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");

            byte[] inArray = algorithm.ComputeHash(dst);

            return Convert.ToBase64String(inArray);
        }

        private byte[] createSalt(byte[] saltSize)
        {
            byte[] saltBytes = saltSize;

            RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();

            rng.GetNonZeroBytes(saltBytes);
            return saltBytes;
        }

So I have not tried to see if the asp.net membership will recognize this yet the hashed password looks close. I just don't know how to convert it to base64 for the salt.

I did this

       byte[] storeSalt = createSalt(new byte[128]);
        string salt = Encoding.Unicode.GetString(storeSalt);
        string base64Salt = Convert.ToBase64String(storeSalt);

        int test = base64Salt.Length;

Test length is 172 what is well over the 128bits so what am I doing wrong?

This is what their salt looks like

vkNj4EvbEPbk1HHW+K8y/A==

This is what my salt looks like

E9oEtqo0livLke9+csUkf2AOLzFsOvhkB/NocSQm33aySyNOphplx9yH2bgsHoEeR/aw/pMe4SkeDvNVfnemoB4PDNRUB9drFhzXOW5jypF9NQmBZaJDvJ+uK3mPXsWkEcxANn9mdRzYCEYCaVhgAZ5oQRnnT721mbFKpfc4kpI=

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about .NET

Related posts about ASP.NET

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle