Storing Sha256 Hashed Passwords with Nhibernate
I have a simple web app that has a login page, the front end domain has a simple model with:
string username {get;set;}
string password {get;set;}
However it is encrypted with sha256 before it is sent over to the data domain object, originally the data domain was:
string username {get;set;}
string password {get;set;}
So I would take the password from the ui, encrypt it then using the Encoding.GetString() method, get back a string for persisting. However when I try to persist the data it just seems to give an exception, which I believe to be down to the characters in the string not being valid.
After looking around some people have recommended storing it as a varbinary(32) and using a byte[] password {get;set;} within the data layer, however I couldn't get Nhibernate to map it correctly.
So can anyone tell me the best practice on storing hashed passwords with Nhibernate and SqlServer or MySql. (The app supports both dbs)
You shouldn't use Encoding.GetString() on a SHA value since it will produce text that may not store correctly, or worse, give an exception. Rather use something like Convert.ToBase64String.
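An added example, not part of the original question or answer: it shows that a SHA-256 digest does not survive Encoding.GetString() but round-trips through Convert.ToBase64String, and how a login check compares against the stored value. The class name, method names and sample password are hypothetical, and UTF-8 is assumed as the encoding the question used.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class HashStorageDemo
{
    // Hash the password with SHA-256, as the question describes (32 raw bytes).
    public static byte[] Sha256(string password)
    {
        using (var sha = SHA256.Create())
        {
            return sha.ComputeHash(Encoding.UTF8.GetBytes(password));
        }
    }

    // Lossy path: digest bytes are not valid UTF-8 text, so invalid sequences
    // are replaced with U+FFFD and the original bytes cannot be recovered.
    public static bool SurvivesGetString(byte[] digest)
    {
        string text = Encoding.UTF8.GetString(digest);
        return Encoding.UTF8.GetBytes(text).SequenceEqual(digest);
    }

    // Lossless path: Base64 maps every byte value to printable ASCII,
    // so the result fits an ordinary string property and character column.
    public static string ToColumnValue(byte[] digest) => Convert.ToBase64String(digest);

    public static byte[] FromColumnValue(string stored) => Convert.FromBase64String(stored);

    // Login check: decode the stored value and compare it with the candidate's
    // digest in constant time (CryptographicOperations needs .NET Core 2.1 or later).
    public static bool Matches(string stored, string candidate) =>
        CryptographicOperations.FixedTimeEquals(FromColumnValue(stored), Sha256(candidate));

    public static void Main()
    {
        byte[] digest = Sha256("correct horse battery staple"); // constructed sample input
        string stored = ToColumnValue(digest);

        Console.WriteLine("GetString round-trip intact: " + SurvivesGetString(digest));
        Console.WriteLine("Base64 value: " + stored + " (" + stored.Length + " chars)");
        Console.WriteLine("Base64 round-trip intact: " + FromColumnValue(stored).SequenceEqual(digest));
        Console.WriteLine("Correct password matches: " + Matches(stored, "correct horse battery staple"));
        Console.WriteLine("Wrong password matches: " + Matches(stored, "wrong password"));
    }
}
```

A 32-byte digest always encodes to 44 Base64 characters, so a fixed-length 44-character column maps to a plain string property on both SQL Server and MySQL.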