I am currently working on a visual studio C# windows form project. However, I am confused by how SHA256 + salted works. I found some examples online but unable to understand how can I call this function.
I would like to call this function in a login form connecting to a database (Microsoft Access 2010).
Textbox
? Messagebox.Show
method? (For my testing purpose) Is it possible to compare two text (hashed and salted) and giving a positive result?
public static string sha256encrypt(string phrase, string UserName)
{
string salt = CreateSalt(UserName);
string saltAndPwd = String.Concat(phrase, salt);
UTF8Encoding encoder = new UTF8Encoding();
SHA256Managed sha256hasher = new SHA256Managed();
byte[] hashedDataBytes = sha256hasher.ComputeHash(encoder.GetBytes(saltAndPwd));
string hashedPwd = String.Concat(byteArrayToString(hashedDataBytes), salt);
return hashedPwd;
}
public static string byteArrayToString(byte[] inputArray)
{
StringBuilder output = new StringBuilder("");
for (int i = 0; i < inputArray.Length; i++)
{
output.Append(inputArray[i].ToString("X2"));
}
return output.ToString();
}
private static string CreateSalt(string UserName)
{
string username = UserName;
byte[] userBytes;
string salt;
userBytes = ASCIIEncoding.ASCII.GetBytes(username);
long XORED = 0x00;
foreach (int x in userBytes)
XORED = XORED ^ x;
Random rand = new Random(Convert.ToInt32(XORED));
salt = rand.Next().ToString();
salt += rand.Next().ToString();
salt += rand.Next().ToString();
salt += rand.Next().ToString();
return salt;
}
How do I create an SHA256 hash with salt?
shavalue = (sha256encrypt("password", "username");
saltedandhashtext = CreateSalt(shavalue);
What you would do is, on the click of the button, pass the textbox value and username to the sha256encrypt
function, for example:
private void button1_Click(object sender, EventArgs e)
{
sha256encrypt(textBox1.Text, "SampleUserName");
}
For the second question, do the same but with Messagebox.Show:
private void button1_Click(object sender, EventArgs e)
{
MessageBox.Show(sha256encrypt(textBox1.Text, "SampleUserName"));
}
Third point: I am not sure exactly what you mean, but if you want to Salt a text and compare it with the Hashed text:
if(sha256encrypt("password", "username") == CreateSalt("password"))
return true;
else
return false;
Or if you want to compare them manually:
MessageBox.Show(sha256encrypt("password", "username") + "\n\r" + CreateSalt("password"));
For the first question look at CC Inc's answer.
To the second point:
MessageBox.Show(sha256encrypt(textBox1.Text, "SampleUserName"));
3) Yes, it is.
You can compare two strings with the ==
comparator or string.Equals()
.
public bool compareHashs(string hash1, string hash2){
if(hash1.Equals(hash2) //or hash1 == hash2
return true;
}else{
return false;
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With