BCryptHelper.CheckPassword always returns false

Question

I'm implementing password hashing using BCrypt, which should be pretty straight forward to use. However when the password is checked against the hashed password using

BCryptHelper.CheckPassword(Password, hashedDBPassword)

this always return false.

Here is my hasher class:

public static class BCryptHasher
    {
        public static string EncryptPassword(string password)
        {
            var passwordToHash = password;
            var hashedPassword = BCryptHelper.HashPassword(passwordToHash, BCryptHelper.GenerateSalt(6));

            return hashedPassword;
        }

        public static bool CheckPasswordMatch(string userPassword, string hashedDBPassword)
        {
            return BCryptHelper.CheckPassword(userPassword, hashedDBPassword);
        }
    }

I have debugged to check if the password and hashedPassword are correct. Not many other cases of this problem exist so there must be something I am doing wrong.

I found the same question here: ASP.NET MVC 3 app, BCrypt.CheckPassword failing but no solution has been found yet.

Maybe there are other and better solutions for hashing?

thanks

Answer 1

Maybe the problem is not in the hashing itselft, maybe it's the way you store the password in the database and retrieve it afterwords or something like that.

First step I would take is to write a unit test to check the functionality of that class

[TestClass]
public class BCryptHasherTest
{
    [TestMethod]
    public void check_hashing_works_for_valid_password()
    {
        string password = "myDummyPassword!";
        string hashedPassword = BCryptHasher.EncryptPassword(password);

        var passwordsMatch = BCryptHasher.CheckPasswordMatch(password, hashedPassword);      
        Assert.IsTrue(passwordsMatch);
    }
}

If this passes, the problem is somewhere else in your code, so you can go ahead and test for other things until you have found the issue.