Hash problem
Kamon | Posted 11:01am 4. November 2005 Server Time |
Ok, In my signup procedure, I season the users password with their unique User ID. I then take the generated string and use SHA256 to hash it and store the result. just to make sure that the user ID is entered in the same case, I make it all uppercase. so no matter how Doe enters his name, it should be like this, the string to hash should look like this. (I reverse the id for a twist)
passwordEODJ
I debugged the app in several places and this is ALWAYS being sent to the function to get hashed....however a different string is created depending on how he enters his user ID.
is he enters Jdoe this will be generated
244109227481361282341771922501251402407916515105205396123244252195311188186354
if he ented jdoe this is generated
18216123159173103442551812271471881581751003166123191192110156001611351672720744100
So my question..why is a different hash being created when CLEARLY the seasoned text is being sent as passwordEODJ every single time.
for kicks and giggles ill post the code. |
Kamon | Posted 11:20am 4. November 2005 Server Time |
----Main calls----
strTextToHash = SeasonText(password, username.ToUpper)
Response.Write(HashText(username))
---------------------------
Public Shared Function SeasonText(ByVal String1 As String, ByVal string2 As String) As String
Dim strFoo As String
strFoo = String1 & StrReverse(string2)
Return strFoo
End Function
---------------------------
Public Shared Function HashText(ByVal input As String) As String
Dim ArrHashInput As Byte()
Dim arrHashOutput As Byte()
Dim objSHA256 As New SHA256Managed
ArrHashInput = ConvertStringToByteArray(input)
arrHashOutput = objSHA256.ComputeHash(ArrHashInput)
Return ConvertByteArrayToString(arrHashOutput)
End Function
------------------------
Public Shared Function ConvertByteArrayToString(ByVal arrInput As Byte()) As String
Dim intCounter As Integer
Dim strOutput As String = ""
For intCounter = 0 To arrInput.Length - 1
strOutput = strOutput & arrInput(intCounter).ToString
Next
Return strOutput
End Function
------------------------
Public Shared Function ConvertStringToByteArray(ByVal input As String) As Byte()
Dim intCounter As Integer
Dim arrChar As Char()
arrChar = input.ToCharArray
Dim arrByte(arrChar.Length - 1) As Byte
For intCounter = 0 To arrByte.Length - 1
arrByte(intCounter) = Convert.ToByte(arrChar(intCounter))
Next
Return arrByte
End Function
------------------------
Kamon | Posted 11:21am 4. November 2005 Server Time |
......i am an idiot...i just saw it...(hint 2ndline of code...)
Kodo | Posted 11:28am 4. November 2005 Server Time |
why not just use the security namespace in the web.security.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemWebSecurityFormsAuthenticationClassHashPasswordForStoringInConfigFileTopic.asp
Kamon | Posted 12:13am 4. November 2005 Server Time |
Bacause unless I am mistaken it just hashes the password. so If John manages to get the data from my database and see this
user | Pass
-------------
John | 3456789AD
Joe | 2342493DF
Jim | 3456789AD
then he knows jims password is the same as his. really, I am doing the same thing they are with the exception of seasoning the password so there is minimal chance of a duplicate hash. Plus I want to use SHA256, which that doesnt offer.
Reply to Post Hash problem
|
|
|
