Hash Password Comparison

I am using .NET 3.5. The problem here is that I cannot get the passwords to match. I tried using the ComputeHash method for both, but it generates a different hash, since they are now arrays of different sizes. (Obviously, they are based on one line.) What have I done wrong? ("password" is a byte[] parameter from user input.)

    object dataPassword = database.ExecuteScalar("GetUserPassword", new object[] { userName });
    if (dataPassword != null && !(dataPassword is DBNull))
    {
        SHA1Managed hashProvider = new SHA1Managed();
        byte[] hashedPassword = (byte[])dataPassword;
        byte[] hash = hashProvider.ComputeHash(password);
        result = hashedPassword.Equals(hash);
    }
+1
4 answers

You cannot compare byte[]. It just compares the references. You should use a loop or use the IEnumerable<T>.SequenceEqual extension method:

 result = hashedPassword.SequenceEqual(hash); 

Old way (pre-LINQ):

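    // Requires: using System.Collections.Generic;
    static bool ArrayEquals<T>(T[] first, T[] second)
    {
        if (first == null && second == null) return true;
        if (first == null || second == null) return false;
        if (first.Length != second.Length) return false;
        // operator != is not defined for an unconstrained T; use the default comparer
        EqualityComparer<T> comparer = EqualityComparer<T>.Default;
        for (int i = 0; i < first.Length; ++i)
            if (!comparer.Equals(first[i], second[i])) return false;
        return true;
    }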
+14

How was the password stored in the database, also after creating SHA1Managed?

0

This may have something to do with encoding. Try using the UTF8Encoding class and encode the string using the GetBytes method.

You can also look at the set of hashing classes that I made to check the password in Google Code.

0

Print the contents of the hash input in both cases. I want to print byte[], not strings. If they match, then the hash should too. I don't know anything about .NET, but maybe there is a different encoding for strings, for example, one using ASCII and the other UTF-8?

0
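
Added example, not code from any of the posts above: it runs the comparisons discussed in the answers on a constructed password and prints the input bytes under two encodings, which is the check the last answer suggests. `HashCompareDemo`, `Sha1` and `FixedTimeEquals` are names made up here; SHA1Managed only mirrors the question's code, and the fixed-time loop is an addition that avoids the early exit of an element-by-element comparison when the compared value is a password hash.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class HashCompareDemo
{
    // Touches every byte even after a mismatch, so the running time does not
    // depend on how many leading bytes of the stored hash were matched.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Hash the bytes that a given encoding produces for the string.
    static byte[] Sha1(Encoding enc, string text)
    {
        using (SHA1Managed sha = new SHA1Managed())
            return sha.ComputeHash(enc.GetBytes(text));
    }

    static void Main()
    {
        const string pw = "p\u00e4ssword";              // constructed sample input
        byte[] stored = Sha1(Encoding.UTF8, pw);        // stands in for the database value
        byte[] fresh = Sha1(Encoding.UTF8, pw);         // recomputed at login

        // Object.Equals on arrays tests reference identity, not contents.
        Console.WriteLine("Equals:          " + stored.Equals(fresh));
        // Element-wise comparisons of the same two arrays.
        Console.WriteLine("SequenceEqual:   " + stored.SequenceEqual(fresh));
        Console.WriteLine("FixedTimeEquals: " + FixedTimeEquals(stored, fresh));

        // Same string, different encoding: different input bytes, so a different hash.
        byte[] utf16 = Sha1(Encoding.Unicode, pw);
        Console.WriteLine("UTF-8 vs UTF-16 hash equal: " + FixedTimeEquals(stored, utf16));
        Console.WriteLine("UTF-8 input:  " + BitConverter.ToString(Encoding.UTF8.GetBytes(pw)));
        Console.WriteLine("UTF-16 input: " + BitConverter.ToString(Encoding.Unicode.GetBytes(pw)));
    }
}
```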