Encrypting the password using salt in c# [closed]
I searched for some code for doing that, but found some with pre defined salt. I want to auto generate the salt for each user and store the salt value in the table. Thanks I am new to programming please help
(As suggested, I've replaced my previous salt generation method with something that should be more secure)
To generate a random salt:
public static string GenerateRandomSalt(RNGCryptoServiceProvider rng, int size)
{
var bytes = new Byte[size];
rng.GetBytes(bytes);
return Convert.ToBase64String(bytes);
}
var rng = new RNGCryptoServiceProvider();
var salt1 = GenerateRandomSalt(rng, 16);
var salt2 = GenerateRandomSalt(rng, 16);
// etc.
RNGCryptoServiceProvider
is used to generate "cryptographically strong random values," making it more suitable for use here than the standard Random
class. However you generate the salt, you can then append it to your password and hash using your algorithm of choice:
var salt = GenerateRandomSalt(rng, 16);
var hashedPassword = DoPasswordHashing(password + salt);
However, it's worth pointing out that doing user authentication correctly can be a more difficult problem than it seems. Eric Lippert wrote a series of blog articles about this several years ago: http://blogs.msdn.com/b/ericlippert/archive/2005/01/28/you-want-salt-with-that-part-one-security-vs-obscurity.aspx
精彩评论