Compairing PasswordQuestion Answers

[Guest]

Hello,
I am using the Microsoft CreateUser control for my users. It stores the
password as well as the answer to the security question in Hash format. I
need to know how I can write my own code to compair the Hashed answer with
what the user types in. I know I cannot un-hash the answer. I want to take
what they give me and hash it, then compair the two. I have tried several
hash algorithems. I even tried to use
FormsAuthentication.HashPasswordForStoringInConfigFile on the answer by it
did not work.
Thank you for your help.
Michael

 

[Igotyourdotnet]

Try this: I did this in a winForm app, but it'll will work on an asp.net
form

using System.Security.Cryptography;

string strSource = 'your has source, this can come from a database(dataset,
datatable, etc)
string strHash = what you want to compare to the source hash to see if they
match

txtHashCode.Text = strHash;

if(VerifyHash(strSource, strHash))
{
MessageBox.Show("match");
}
else
{
MessageBox.Show("do not match");
}

static bool VerifyHash(string strInput, string strHash)
{
string strHashInput = getHash(strInput);
StringComparer strCompare = StringComparer.OrdinalIgnoreCase;
if (0 == strCompare.Compare(strHashInput, strHash))
{
return true;
}
else
{
return false;
}
}

static string getHash(string strHash)
{
MD5 mdHasher = MD5.Create();
byte[] hash =
mdHasher.ComputeHash(Encoding.Default.GetBytes(strHash));

StringBuilder sBuilder = new StringBuilder();
for(int i =0; i < hash.Length; i++)
{
sBuilder.Append(hash.ToString("x2"));
}
return sBuilder.ToString();
}

 

[Guest]

Hello,
thanks for your help. It did not work. Shouldn't I have to use the salt?
If not, it still returns failed every time. Anyone else?

Thanks,
Michael

Try this: I did this in a winForm app, but it'll will work on an asp.net
form

using System.Security.Cryptography;

string strSource = 'your has source, this can come from a database(dataset,
datatable, etc)
string strHash = what you want to compare to the source hash to see if they
match

txtHashCode.Text = strHash;

if(VerifyHash(strSource, strHash))
{
MessageBox.Show("match");
}
else
{
MessageBox.Show("do not match");
}

static bool VerifyHash(string strInput, string strHash)
{
string strHashInput = getHash(strInput);
StringComparer strCompare = StringComparer.OrdinalIgnoreCase;
if (0 == strCompare.Compare(strHashInput, strHash))
{
return true;
}
else
{
return false;
}
}

static string getHash(string strHash)
{
MD5 mdHasher = MD5.Create();
byte[] hash =
mdHasher.ComputeHash(Encoding.Default.GetBytes(strHash));

StringBuilder sBuilder = new StringBuilder();
for(int i =0; i < hash.Length; i++)
{
sBuilder.Append(hash.ToString("x2"));
}
return sBuilder.ToString();
}

Hello,
I am using the Microsoft CreateUser control for my users. It stores the
password as well as the answer to the security question in Hash format. I
need to know how I can write my own code to compair the Hashed answer with
what the user types in. I know I cannot un-hash the answer. I want to
take
what they give me and hash it, then compair the two. I have tried several
hash algorithems. I even tried to use
FormsAuthentication.HashPasswordForStoringInConfigFile on the answer by
it
did not work.
Thank you for your help.
Michael