Hashing passwords with MD5 or sha-256 C#

by

Don’t use a simple hash, or even a salted hash. Use some sort of key-strengthening technique like bcrypt (with a .NET implementation here) or PBKDF2 (with a built-in implementation).

Here’s an example using PBKDF2.

To generate a key from your password…

string password = GetPasswordFromUserInput();

// specify that we want to randomly generate a 20-byte salt
using (var deriveBytes = new Rfc2898DeriveBytes(password, 20))
{
    byte[] salt = deriveBytes.Salt;
    byte[] key = deriveBytes.GetBytes(20);  // derive a 20-byte key

    // save salt and key to database
}

And then to test if a password is valid…

string password = GetPasswordFromUserInput();

byte[] salt, key;
// load salt and key from database

using (var deriveBytes = new Rfc2898DeriveBytes(password, salt))
{
    byte[] newKey = deriveBytes.GetBytes(20);  // derive a 20-byte key

    if (!newKey.SequenceEqual(key))
        throw new InvalidOperationException("Password is invalid!");
}

More Related Contents:

  1. Obtain SHA-256 string of a string
  2. Hashing a string with SHA256
  3. Hash and salt passwords in C#
  4. Calculate MD5 checksum for a file
  5. How to hash a password
  6. How does native implementation of ValueType.GetHashCode work?
  7. Algorithm to compare two images in C#
  8. Quick and Simple Hash Code Combinations
  9. Mismatch Detected for ‘RuntimeLibrary’
  10. Which cryptographic hash function should I choose?
  11. Is there an IDictionary implementation that, on missing key, returns the default value instead of throwing?
  12. How is GetHashCode() of C# string implemented?
  13. Is BCrypt a good hashing algorithm to use in C#? Where can I find it? [closed]
  14. Possible to calculate MD5 (or other) hash with buffered reads?
  15. MD5 hash with salt for keeping password in DB in C#
  16. Getting hash of a list of strings regardless of order
  17. How do I generate a hashcode from a byte array in C#?
  18. How can I read/stream a file without loading the entire file into memory?
  19. Best hashing algorithm in terms of hash collisions and performance for strings
  20. Digital signature in c# without using BouncyCastle
  21. Compute a hash from a stream of unknown length in C#
  22. Can I depend on the values of GetHashCode() to be consistent?
  23. GetHashCode() on byte[] array
  24. What is the best way to implement this composite GetHashCode()
  25. Hashing with SHA1 Algorithm in C#
  26. A fast hash function for string in C#
  27. SHA1 hashing in SQLite: how?
  28. Assist me to define UI in xaml [closed]
  29. Windows service NOT shown in add remove programs under control panel
  30. What exactly are unmanaged resources?

Leave a Comment