Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Salting and Hashing Passwords using Linq To SQL

I need to salt and hash some passwords so that I can store them safely in a database. Do you have any advice or ideas as to how best to do this using Linq To SQL?

like image 697
JayJay Avatar asked Feb 24 '09 16:02

JayJay


3 Answers

LINQ to SQL doesn't have much relevance in this case. You could use any mechanism you want to, because you won't be doing hashing and salting in SQL.

The steps to save a password would go along these lines:

  1. Receive the password as cleartext, along with the user's ID.
  2. Generate (and remember) the salt.
  3. Combine the salt with the password text, e.g. prepend it or append it.
  4. Hash the resulting text with your hash function
  5. Store the user ID, the hash and the salt in your DB.

The steps to verify a password would go along these lines:

  1. Receive the password as cleartext, along with the user's ID.
  2. Retrieve the hashed and the salt from the DB for the supplied user ID.
  3. Combine the salt with the supplied password text.
  4. Hash the resulting text with your hash function.
  5. Compare the hash from the function with the hash retrieved from the DB.
  6. If they are equal, the supplied password was correct.
like image 182
Vojislav Stojkovic Avatar answered Nov 08 '22 12:11

Vojislav Stojkovic


Since you are using the .NET and C#, use can use the System.Security.Cryptography.SHA512Managed namespace for generating the salt value and password hash

like image 37
Michael Kniskern Avatar answered Nov 08 '22 12:11

Michael Kniskern


Basically as @Vojislav says.

You might want to look at bcrypt for the hashing - it's reputed to be very good.

like image 41
Douglas Leeder Avatar answered Nov 08 '22 11:11

Douglas Leeder