Sql Server Storing SHA256 String as Question Marks

Question

I have followed this article on how to implement password hashing and salting http://www.codeproject.com/Articles/608860/A-Beginners-Tutorial-for-Understanding-and-Impleme

I have implemented all the code mentioned in the article into my MVC 5 web application, however, whenever I store the PasswordHash and Salt, both of these strings save in my User table as question marks, e.g, ????????????????

The database I'm using is Sql Server 2008 R2. The two fields within my database User table have both got a datatype of Nvarchar(100)

I should also mention the data is being persisted to the database using Entity Framework 5.

Has anyone seen this before? I'm thinking it might be a datatype problem, i.e., shouldn't be Nvarchar, however, I don't really know.

Any help with this would be great.

Thanks.

Answer 1

There's a problem in Utility.cs:

    public static string GetString(byte[] bytes)
    {
        char[] chars = new char[bytes.Length / sizeof(char)];
        System.Buffer.BlockCopy(bytes, 0, chars, 0, bytes.Length);
        return new string(chars);
    }

The function is fed random bytes. This is not how you create a random string. Characters are not meant to store binary data. Such strings will be hard to swallow for many components.

Use Convert.ToBase64String and don't trust random articles on the web. Validate what you find with your own understanding before using it.

Answer 2

SHA256 are not string, are byte arrays. Use byte[] in your client code, use VARBINARY on the server code.