开发者

BCrypt generating different hashes given the same salt, string, and factor

Using one of the C# implementations of BCrypt to hash passwords and store them into a SQL database. However when I return to validate against the hash string BCrypt generates a different hash than the one in the database to compare to. The salts are visibly the same as well as the factors.

Here is what I know

$2a$12$vF/1s3MqIzHwnDshyzH/rOYUelofrj4UWv./vzWqk4o2K0uwhix7W is actually "Qwerty123" and its stored in a column which is initialized to be [nvarchar] (200).

When I use the BCrypt.Verify() or BCrypt.CheckPassword() depending on the implementation, I trace it until just before it makes the comparison and the hash that it is about to compare to the before mentioned one is $2a$12$vF/1s3MqIzHwnDshyzH/rOKVRePZSXFXaIpDv6.IPkbPEoOxZgSEe

If you look close you can see that the salts and the factor parts are the same. Any idea what could be causing this?

The explicit implementation I am working with can be found here http:/开发者_开发百科/bcrypt.codeplex.com/

My question could be related to ASP.NET MVC 3 app, BCrypt.CheckPassword failing


Suggestion for testing

private void FindWhatsFailing(string password) //password = Whatever you're passing in to verify BCrypt is working
{
  const string expectedpassword = "Qwerty123";
  if(expectedpassword != password)
  {
      Debug.WriteLine("My password isn't what I thought it was");
      return;
  }
  string hashed = BCrypt.HashPassword(expectedpassword , BCrypt.GenerateSalt(12));
  if(!BCrypt.Verify(expectedpassword , hashed))
  {
     Debug.WriteLine("Something is wrong with BCrypt");
     return;
  }

  /// ... Test hashing password, compare to hash of expectedpassword, verify password against hash of itself and expectedpassword

 Debug.WriteLine("Everything worked, maybe the database storage is off?");
}

If the Bcrypt.Verify isn't working in this example for you, I have no idea what's wrong, but I'm guessing Bcrypt isn't actually the issue here.


The problem was the input to Bcrypt. I was using a Multiview and MultiViewPanels to collect user data(of which a password), allow user to verify all the data, then on the last MultiViewPanel add the user to the DB and in that process there were postbacks. After some research I found that password fields do not retain their text property after postbacks for security reasons and because I was passing txtPassword.text to Bcrypt this was the problem. This makes a new problem for me to look into.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜