Menu
How is the salt generated in HashProvider in Microsoft Enterprise Library when we set SaltEnabled?
Is it random to new machines? Is it some magic number?
(I know what is a salt, the question is what's the actual value of a/the salt in Enterprise Library HashProvider)
Edit:
See Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.HashAlgorithmProvider for an example implementation. Hashing steps are:
To compare against hashed text, you must use:
public bool CompareHash(byte[] plaintext, byte[] hashedtext)
versus rehashing and comparing. If you rehash, a new random salt is generated and you're lost.
CompareHash does the following:
Original:
"if salt is enabled on a HashProvider, the provider will generate a random sequence of bytes, that will be added to the hash. If you compare a hashed value with a unhashed value, the salt will be extracted from the hashed value and used to hash the unhashed value, prior to comparison."
and
"As for decoding as hash-value. this cannot be done. after creating a hash there should be no way to reverse this into the original value. However, what you can do is compare an unhashed-value with a hashed-value by putting it through the same algorithm and comparing the output."
From http://www.codeplex.com/entlib/Thread/View.aspx?ThreadId=10284
144
I replied to a similar question regarding the Enterprise Library and the salt value it uses for hashing.
You can view it here: https://stackoverflow.com/a/27247012/869376
The highlights:
CryptographyUtility.GetRandomBytes(16); method in the Microsoft.Practices.EnterpriseLibrary.Security.Cryptography namespace. This eventually calls a C library method called [DllImport("QCall", CharSet = CharSet.Unicode)]
private static extern void GetBytes(SafeProvHandle hProv, byte[] randomBytes, int count);
45
answered Sep 09 '25 07:09
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With