Here is the C# code for hashing the password:
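// Generates a random 32-bit salt for a new password.
//
// Four bytes are drawn from the OS cryptographic RNG and packed big-endian
// into an int, so the value round-trips through ComputePasswordHash.
// NOTE(review): a 4-byte salt (with zero bytes excluded by GetNonZeroBytes)
// is small by current guidance; 16 random bytes per password is the usual
// minimum. The int return type is kept here so existing callers and any
// stored salts keep working.
private int GenerateSaltForPassword()
{
    byte[] saltBytes = new byte[4];

    // The provider wraps a native handle; release it deterministically.
    using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
    {
        rng.GetNonZeroBytes(saltBytes);
    }

    return (saltBytes[0] << 24)
         | (saltBytes[1] << 16)
         | (saltBytes[2] << 8)
         | saltBytes[3];
}

// Computes SHA-1 over UTF-8(password) followed by the 4 big-endian salt bytes.
//
// password: the clear-text password; must not be null (GetBytes throws
//           ArgumentNullException).
// salt:     the per-password salt produced by GenerateSaltForPassword.
// returns:  the 20-byte SHA-1 digest.
//
// NOTE(review): a single round of salted SHA-1 is fast to brute-force and is
// not suitable for storing passwords. A deliberately slow KDF such as PBKDF2
// (Rfc2898DeriveBytes) with a high iteration count, or bcrypt/scrypt/Argon2,
// should replace it. The algorithm is left unchanged here because switching
// it would invalidate every hash already stored; migrate by re-hashing on the
// next successful login.
private byte[] ComputePasswordHash(string password, int salt)
{
    byte[] saltBytes =
    {
        (byte)(salt >> 24),
        (byte)(salt >> 16),
        (byte)(salt >> 8),
        (byte)salt
    };

    byte[] passwordBytes = UTF8Encoding.UTF8.GetBytes(password);

    // Layout of the hashed buffer: password bytes first, salt bytes appended.
    byte[] preHashed = new byte[passwordBytes.Length + saltBytes.Length];
    System.Buffer.BlockCopy(passwordBytes, 0, preHashed, 0, passwordBytes.Length);
    System.Buffer.BlockCopy(saltBytes, 0, preHashed, passwordBytes.Length, saltBytes.Length);

    // HashAlgorithm is IDisposable; dispose it instead of leaking the handle.
    using (SHA1 sha1 = SHA1.Create())
    {
        return sha1.ComputeHash(preHashed);
    }
}

// Checks an entered password against the stored hash and salt.
//
// passwordToValidate: the password entered at login; must not be null.
// salt:               the salt stored alongside the hash for this account.
// correctPasswordHash: the stored hash; must not be null.
// returns:            true when the recomputed hash equals the stored one.
// throws:             ArgumentNullException when either reference argument is null.
private bool IsPasswordValid(string passwordToValidate, int salt, byte[] correctPasswordHash)
{
    byte[] hashedPassword = ComputePasswordHash(passwordToValidate, salt);

    if (correctPasswordHash == null)
    {
        throw new System.ArgumentNullException("correctPasswordHash");
    }

    if (hashedPassword.Length != correctPasswordHash.Length)
    {
        return false;
    }

    // Compare every byte without an early exit so the time taken does not
    // reveal how many leading bytes of the hash matched.
    int difference = 0;
    for (int i = 0; i < hashedPassword.Length; i++)
    {
        difference |= hashedPassword[i] ^ correctPasswordHash[i];
    }

    return difference == 0;
}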
My question is whether the salt has to be stored in the database along with the hashed password, that is, one field for the password hash and a separate field for the salt. I thought it might be possible to store the password hash and the salt together in a single field, but then how would the salt be used during authorization? PS: Sorry if this is a stupid question.