How to store hashed passwords in the database?

0 like 0 dislike
3 views
There is C# code for hashing the password:
// Generator salt private int GenerateSaltForPassword() { RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); byte[] saltBytes = new byte[4]; rng.GetNonZeroBytes(saltBytes); return (((int)saltBytes[0]) << 24) + (((int)saltBytes[1]) << 16) + (((int)saltBytes[2]) << 8) + ((int)saltBytes[3]); } // hashing private byte[] ComputePasswordHash(string password, int salt) { byte[] saltBytes = new byte[4]; saltBytes[0] = (byte)(salt >> 24); saltBytes[1] = (byte)(salt >> 16); saltBytes[2] = (byte)(salt >> 8); saltBytes[3] = (byte)(salt); byte[] passwordBytes = UTF8Encoding.UTF8.GetBytes(password); byte[] preHashed = new byte[saltBytes.Length + passwordBytes.Length]; System.Buffer.BlockCopy(passwordBytes, 0, preHashed, 0, passwordBytes.Length); System.Buffer.BlockCopy(saltBytes, 0, preHashed, passwordBytes.Length, saltBytes.Length); SHA1 sha1 = SHA1.Create(); return sha1.ComputeHash(preHashed); } // check for hashed password and entered to authorize private bool IsPasswordValid(string passwordToValidate, int salt, byte[] correctPasswordHash) { byte[] hashedPassword = ComputePasswordHash(passwordToValidate, salt); return hashedPassword.SequenceEqual(correctPasswordHash); }


And the question is to check whether you need to know the password salt hashed password as the store password in the database? In such a view: field for a password, the field for salt? I thought that it is possible to store the password salt in a single field, but how then to salt authorization?? PS Sorry maybe a stupid question.
by | 3 views

1 Answer

0 like 0 dislike
Password, generally should not be stored anywhere on the server nor in the database, but in the simplest case, you should only store a Salt and Hash sum of the password.
by

Related questions

0 like 0 dislike
4 answers
asked Apr 9, 2019 by blacknightwolf
0 like 0 dislike
1 answer
0 like 0 dislike
4 answers
110,608 questions
257,186 answers
0 comments
33,686 users