Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I create a SHA256 Hash with Salt?

I am currently working on a visual studio C# windows form project. However, I am confused by how SHA256 + salted works. I found some examples online but unable to understand how can I call this function.

I would like to call this function in a login form connecting to a database (Microsoft Access 2010).

  • How do I call this function by a click of a button and reading the password from a Textbox?
  • How do i display out the hash value in a Messagebox.Show method? (For my testing purpose)
  • Is it possible to compare two text (hashed and salted) and giving a positive result?

    public static string sha256encrypt(string phrase, string UserName)
    {
        string salt = CreateSalt(UserName);
        string saltAndPwd = String.Concat(phrase, salt);
        UTF8Encoding encoder = new UTF8Encoding();
        SHA256Managed sha256hasher = new SHA256Managed();
        byte[] hashedDataBytes =      sha256hasher.ComputeHash(encoder.GetBytes(saltAndPwd));
        string hashedPwd = String.Concat(byteArrayToString(hashedDataBytes), salt);
        return hashedPwd;
    }
    
    public static string byteArrayToString(byte[] inputArray)
    {
        StringBuilder output = new StringBuilder("");
        for (int i = 0; i < inputArray.Length; i++)
        {
            output.Append(inputArray[i].ToString("X2"));
        }
        return output.ToString();
    }
    
    private static string CreateSalt(string UserName)
    {
        string username = UserName;
        byte[] userBytes; 
        string salt;
        userBytes = ASCIIEncoding.ASCII.GetBytes(username);
        long XORED = 0x00; 
    
        foreach (int x in userBytes)
            XORED = XORED ^ x;
    
        Random rand = new Random(Convert.ToInt32(XORED));
        salt = rand.Next().ToString();
        salt += rand.Next().ToString();
        salt += rand.Next().ToString();
        salt += rand.Next().ToString();
        return salt;
    }
    

How do I create an SHA256 hash with salt?

shavalue = (sha256encrypt("password", "username");
saltedandhashtext = CreateSalt(shavalue);
like image 676
David Avatar asked Jan 01 '13 17:01

David


2 Answers

What you would do is, on the click of the button, pass the textbox value and username to the sha256encrypt function, for example:

    private void button1_Click(object sender, EventArgs e)
    {
        sha256encrypt(textBox1.Text, "SampleUserName");
    }

For the second question, do the same but with Messagebox.Show:

    private void button1_Click(object sender, EventArgs e)
    {
        MessageBox.Show(sha256encrypt(textBox1.Text, "SampleUserName"));
    }

Third point: I am not sure exactly what you mean, but if you want to Salt a text and compare it with the Hashed text:

if(sha256encrypt("password", "username") == CreateSalt("password"))
   return true;
else
   return false;

Or if you want to compare them manually:

MessageBox.Show(sha256encrypt("password", "username") + "\n\r" + CreateSalt("password"));
like image 120
CC Inc Avatar answered Oct 03 '22 08:10

CC Inc


For the first question look at CC Inc's answer.

To the second point: MessageBox.Show(sha256encrypt(textBox1.Text, "SampleUserName"));

3) Yes, it is.

You can compare two strings with the == comparator or string.Equals().

public bool compareHashs(string hash1, string hash2){
   if(hash1.Equals(hash2) //or hash1 == hash2
      return true;
   }else{
      return false;
   }  
}
like image 26
jAC Avatar answered Oct 03 '22 07:10

jAC