Question

I am attempting to apply some security to a project I'm completing for college. This security is somewhat glancing so I'm tempted to give up, save passwords as plaintext or converted to base64, and do something more user-obvious.

Before I give up, I'm asking SO. This is my first attempt at asking anything here so please be gentle.

I decided that implementing this MSDN code wouldn't be too hard. http://msdn.microsoft.com/en-us/library/aa545602%28v=cs.70%29.aspx

Turns out, it really is. I'm getting the error

    System.FormatException: Input string was not in a correct format.

For code

    binarySaltValue[0] = byte.Parse( salt.Substring( 0, 2 ), System.Globalization.NumberStyles.HexNumber, CultureInfo.InvariantCulture.NumberFormat );

I'm going to be honest, I don't fully understand this code.

  1. What is SaltValueSize supposed to be? The provided code doesn't supply it, neither do any References. Also it's capitalised, so is it an object? Or a field in some object somewhere?
  2. The variable "hash" is not defined anywhere, so I just filled it with new MD5CryptoServiceProvider(). Is this a mistake?
  3. If I'm reading it right, the string "salt" is supposed to hold binary, but it doesn't at runtime, it has garbled text, meanwhile the line everything crashed at is trying to parse binary from "salt"? Why?

If anyone can fix this or supply an idiot-proof asynchronous hashing class I'd appreciate it.

( apologies for my random user name, I have no idea how that happened )


Solution

Here's a basic method (no salt) to at least get you started. It just "hashes" the string coming in.

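    // Requires: using System.Security.Cryptography; using System.Text;
    private string GetHashedString(string _PW)
    {
        StringBuilder strBuilder = new StringBuilder();

        // SHA512 is IDisposable, so release it as soon as the digest is computed.
        using (SHA512 sha = SHA512.Create())
        {
            // UTF-8 keeps non-ASCII characters distinct; ASCII encoding maps them all to '?'.
            byte[] result = sha.ComputeHash(Encoding.UTF8.GetBytes(_PW));

            // Hex-encode the digest, two lowercase digits per byte.
            for (int i = 0; i < result.Length; i++)
            {
                strBuilder.Append(result[i].ToString("x2"));
            }
        }

        return strBuilder.ToString();
    }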
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
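
A salted variant of the hashing discussed above, as an added example that is not part of the original answer or the MSDN sample: it stores the salt as hex in front of a PBKDF2 hash, so the `byte.Parse(..., HexNumber, ...)` step from the question only ever sees hex digits. The class name, `HashSize`, `Iterations` and the value given to `SaltValueSize` are assumptions, and the `Rfc2898DeriveBytes` overload used needs .NET Framework 4.7.2 or .NET Core 2.0 and later.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;

public static class SaltedPasswordHasher   // hypothetical name, not from the page
{
    const int SaltValueSize = 16;   // assumed: salt length in bytes
    const int HashSize = 32;        // assumed: derived hash length in bytes
    const int Iterations = 100000;  // assumed PBKDF2 iteration count
    // Returns "<salt as hex><hash as hex>", the single string to store per user.
    public static string HashPassword(string password)
    {
        byte[] salt = new byte[SaltValueSize];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);     // fresh random salt for every password
        return ToHex(salt) + ToHex(Derive(password, salt));
    }

    public static bool VerifyPassword(string password, string stored)
    {
        if (stored == null || stored.Length != 2 * (SaltValueSize + HashSize))
            return false;           // wrong length: not a value HashPassword produced
        byte[] salt, expected;
        try
        {
            salt = FromHex(stored.Substring(0, 2 * SaltValueSize));
            expected = FromHex(stored.Substring(2 * SaltValueSize));
        }
        catch (FormatException) { return false; }  // stored value contains non-hex text
        byte[] actual = Derive(password, salt);
        int diff = 0;               // compare every byte so timing does not depend on content
        for (int i = 0; i < expected.Length; i++) diff |= actual[i] ^ expected[i];
        return diff == 0;
    }

    static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashSize);
    }
    static string ToHex(byte[] data) => BitConverter.ToString(data).Replace("-", "").ToLowerInvariant();
    // Parses two hex digits per byte; throws FormatException on anything that is not hex.
    static byte[] FromHex(string hex)
    {
        byte[] bytes = new byte[hex.Length / 2];
        for (int i = 0; i < bytes.Length; i++)
            bytes[i] = byte.Parse(hex.Substring(i * 2, 2), NumberStyles.AllowHexSpecifier, CultureInfo.InvariantCulture);
        return bytes;
    }
}
```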