salt.CopyTo(saltedValue, value.Length) Public static byte Hash(byte value, byte salt)īyte saltedValue = value.Concat(salt).ToArray() public static byte Hash(string value, byte salt) Use Linq or CopyTo to concatenate arrays. What blowdart said, but with a little less code. Salts do not have to be kept secret and can be stored alongside the hash itself. You should note that you cannot use the equality operator on byte arrays, it checks references and so you should simply loop through both arrays checking each byte thus public static bool CompareByteArrays(byte array1, byte array2)Īlways use a new salt per password. If you must convert a hash to its string representation you can use Convert.ToBase64String and Convert.FromBase64String to convert it back. You can convert text to byte arrays using (string). The salt generation is as the example in the question. Return algorithm.ComputeHash(plainTextWithSaltBytes) New byte įor (int i = 0 i < plainText.Length i++) HashAlgorithm algorithm = new SHA256Managed() In my book, Beginning ASP.NET Security, (oh finally, an excuse to pimp the book) I do the following static byte GenerateSaltedHash(byte plainText, byte salt) Hashes and salts are binary blobs, you don't need to convert them to strings unless you want to put them into text files. Actually this is kind of strange, with the string conversions - which the membership provider does to put them into config files.
0 kommentar(er)
