How is Hash and Salt Computed Using ASP .net 2.0 built-in Controls

Discussion in 'ASP .Net Web Controls' started by Ryan, Mar 7, 2007.

  1. Ryan

    Ryan Guest

    How do the built-in membership controls compute the password hash and
    salt for storing in the memberstore? I am trying to create a custom
    change password control but want to use the built-in login control. I
    modified the following code from Microsoft to get it into VB but the
    hashed password it creates is way longer than that created when I use
    the Create User wizard. What am I doing wrong?

    ' Needs at the top of the file:
    '   Imports System.Security.Cryptography
    '   Imports System.Text
    Public Shared Function ComputeHash(ByVal plainText As String, _
                                       ByVal hashAlgorithm As String, _
                                       ByRef saltBytes() As Byte) As String

        Dim saltsize As Integer
        Dim passwordBytes() As Byte
        Dim hash As HashAlgorithm

        ' If salt is not specified, generate it on the fly.

        ' Define min and max salt sizes.
        'Dim minSaltSize As Integer
        'Dim maxSaltSize As Integer

        'minSaltSize = 8
        'maxSaltSize = 8

        ' Generate a random number for the size of the salt.
        'Dim random As Random
        'random = New Random()

        'Dim saltSize As Integer
        'saltSize = random.Next(minSaltSize, maxSaltSize)

        saltsize = 32
        ' Allocate a byte array, which will hold the salt.
        saltBytes = New Byte(saltsize - 1) {}

        System.Security.Cryptography.RNGCryptoServiceProvider.Create().GetBytes(saltBytes)

        ' Convert the plain string password into bytes
        passwordBytes = UnicodeEncoding.Unicode.GetBytes(plainText)
        Dim combinedBytes(passwordBytes.Length + saltBytes.Length - 1) As Byte

        ' Append salt to password before hashing
        System.Buffer.BlockCopy(passwordBytes, 0, combinedBytes, 0, passwordBytes.Length)
        System.Buffer.BlockCopy(saltBytes, 0, combinedBytes, passwordBytes.Length, saltBytes.Length)

        ' Fill the salt with cryptographically strong byte values.
        'rng.GetNonZeroBytes(saltBytes)

        ' Because we support multiple hashing algorithms, we must define
        ' hash object as a common (abstract) base class. We will specify the
        ' actual hashing algorithm class later during object creation.

        ' Make sure hashing algorithm name is specified.
        If (hashAlgorithm Is Nothing) Then
            hashAlgorithm = ""
        End If

        ' Initialize appropriate hashing algorithm class.
        Select Case hashAlgorithm.ToUpper()

            Case "MD5"
                hash = New MD5CryptoServiceProvider()

            Case "SHA256"
                hash = New SHA256Managed()

            Case "SHA384"
                hash = New SHA384Managed()

            Case "SHA512"
                hash = New SHA512Managed()

            Case Else 'SHA1 = Default
                hash = New SHA1Managed()

        End Select

        ' Compute hash value of our plain text with appended salt.
        Dim hashBytes As Byte()

        hashBytes = hash.ComputeHash(combinedBytes)

        ' Append the salt to the hash.
        ' VB array bounds are inclusive upper bounds, hence the "- 1".
        Dim hashPlusSalt(hashBytes.Length + saltBytes.Length - 1) As Byte
        System.Buffer.BlockCopy(hashBytes, 0, hashPlusSalt, 0, hashBytes.Length)
        System.Buffer.BlockCopy(saltBytes, 0, hashPlusSalt, hashBytes.Length, saltBytes.Length)

        ' Return the result.
        ComputeHash = Convert.ToBase64String(hashPlusSalt)
    End Function
     
    Ryan, Mar 7, 2007
    #1
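
For comparison with the function in the post above, an added example (not part of the original post and not Microsoft's code) of the layout the .NET 2.0 SqlMembershipProvider uses with passwordFormat="Hashed" and the default SHA1 hash algorithm: a 16-byte random salt stored Base64-encoded in its own column, and the Base64 of SHA1(salt bytes followed by Unicode password bytes) stored as the password, with no salt appended to it. The module and function names are hypothetical, and the password is a constructed sample.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text

' Added illustration; module and function names are hypothetical.
Module MembershipHashDemo

    ' 16 random bytes, Base64-encoded, kept separately from the hash.
    Function GenerateSalt() As String
        Dim buf(15) As Byte
        Dim rng As New RNGCryptoServiceProvider()
        rng.GetBytes(buf)
        Return Convert.ToBase64String(buf)
    End Function

    ' Base64( SHA1( salt bytes followed by UTF-16LE password bytes ) ).
    ' The salt goes into the hash input but is not appended to the result.
    Function EncodePassword(ByVal password As String, ByVal saltBase64 As String) As String
        Dim saltBytes() As Byte = Convert.FromBase64String(saltBase64)
        Dim passwordBytes() As Byte = Encoding.Unicode.GetBytes(password)
        Dim combined(saltBytes.Length + passwordBytes.Length - 1) As Byte
        Buffer.BlockCopy(saltBytes, 0, combined, 0, saltBytes.Length)
        Buffer.BlockCopy(passwordBytes, 0, combined, saltBytes.Length, passwordBytes.Length)
        Dim sha As HashAlgorithm = New SHA1Managed()
        Return Convert.ToBase64String(sha.ComputeHash(combined))
    End Function

    ' Recompute with the stored salt and compare against the stored hash.
    Function VerifyPassword(ByVal candidate As String, ByVal storedHash As String, _
                            ByVal storedSalt As String) As Boolean
        Return String.Equals(EncodePassword(candidate, storedSalt), storedHash, _
                             StringComparison.Ordinal)
    End Function

    Sub Main()
        Dim salt As String = GenerateSalt()
        Dim hash As String = EncodePassword("constructed-sample-password", salt)
        Console.WriteLine("salt ({0} chars): {1}", salt.Length, salt)
        Console.WriteLine("hash ({0} chars): {1}", hash.Length, hash)
        Console.WriteLine("verify ok: {0}", _
                          VerifyPassword("constructed-sample-password", hash, salt))
    End Sub

End Module
```

A custom change-password control does not have to reproduce this at all: `Membership.GetUser(userName).ChangePassword(oldPassword, newPassword)` lets the configured provider generate the salt and hash itself.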