In my ASP.NET web app I'm hashing my user passwords with SHA512.
Despite much SO'ing and Googling I'm unclear how I should be storing them in the database (SQL2005) - the code below shows the basics of how I'm creating the hash as a string and I'm currently inserting it into the database into a Char(88) column as that seems to be the length created consistently
Is holding it as a String the best way to do it, if so will it always be 88 chars on a SHA512 (as I have seen some bizarre stuff on Google)?
Dim byteInput As Byte() = Encoding.UTF8.GetBytes(sSalt & sInput)
Dim hash As HashAlgorithm = New SHA512Managed()
Dim sInsertToDatabase As String = Convert.ToBase64String(hash.ComputeHash(byteInput))
SHA512 outputs 512 bits, or 64 bytes. You can store those 64 bytes in a binary column, if you so wished.
If you want to handle the hash outside your application is more comfortable to store a Base64 string, as you are doing now. Base64 adds roughly a 33% of constant overhead, so you can expect the string to be always 88 chars.
That said, ASP.NET has a fairly comprehensive authentication system builtin, which you should use.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With