ASP.NET || Is this a good way to hash passwords?

StackOverflow https://stackoverflow.com/questions/16265915

Frage

I'm trying stuff to hash password for my website and I've been experimenting a bit and I've gotten a result. Now I'm asking myself if this is actually a good way to hash my passwords.

My Main code:

Imports System.Security.Cryptography

Partial Class _Default
Inherits System.Web.UI.Page

Protected Sub Button1_Click(sender As Object, e As System.EventArgs) Handles Button1.Click
    Dim strWoordOmTeHashen As String
    Dim strSalt1, strSalt2, strSalt3 As String
    Dim random As New Random

    Dim arrSalt1(255), arrSalt2(255), arrSalt3(255) As String

    For i = 0 To 255
        arrSalt1(i) = random.Next(1, 26).ToString
        arrSalt2(i) = random.Next(1, 26).ToString
        arrSalt3(i) = random.Next(1, 26).ToString
    Next

    For i = 0 To 255
        arrSalt1(i) = VeranderGetalNaarLetter.VeranderGetalNaarLetter(CInt(arrSalt1(i)))
        arrSalt2(i) = VeranderGetalNaarLetter.VeranderGetalNaarLetter(CInt(arrSalt2(i)))
        arrSalt3(i) = VeranderGetalNaarLetter.VeranderGetalNaarLetter(CInt(arrSalt3(i)))
    Next

    For i = 0 To 255
        strSalt1 &= arrSalt1(i)
        strSalt2 &= arrSalt2(i)
        strSalt3 &= arrSalt3(i)
    Next


    strWoordOmTeHashen = strSalt1 & strSalt2 & txtWoord.Text & strSalt3

    'Sha512 zoder salt
    Dim sham As New SHA512Managed
    Dim result As Byte()
    Dim data As Byte()
    Dim hexstring As String

    data = ASCIIEncoding.ASCII.GetBytes(strWoordOmTeHashen)
    result = sham.ComputeHash(data)

    For i = 0 To UBound(result)
        hexstring &= Hex(result(i)).ToLower
    Next

    TextBox1.Text = hexstring

End Sub
End Class

You might notice that I'm calling a function. I'm calling this function: Public Class VeranderGetalNaarLetter

Public Shared Function VeranderGetalNaarLetter(intSalt As Integer) As String

    Dim strAlfabet As String = "!abcdefghijklmnopqrstuvwxyz"
    Dim strLetter As String

    strLetter = strAlfabet.Substring(intSalt, 1)


    Return strLetter
End Function


End Class

Any comment is welcome. I'm hoping to get comments to improve my programming a bit. Thanks in advance :)

War es hilfreich?

Lösung

While this is not wrong it is not best practice either. Hashing passwords is very tedious and sometimes re-inventing the wheel is just not worth it. If you need to hash your password then you should use an already existing library. Please take a look at BCrypt http://bcrypt.codeplex.com/

Andere Tipps

This is the code I normally use to hash stuff, it's a really simple function actually :)

Function hash(text As String) As String
    Dim encoder As New System.Text.UnicodeEncoding
    Dim sha256 As New System.Security.Cryptography.SHA256CryptoServiceProvider
    Return Convert.ToBase64String(sha256.ComputeHash(encoder.GetBytes(text)))
End Function

Good luck!

Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow
scroll top