Click here to Skip to main content
15,846,899 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi All,

Can anyone please let me know how to store a hashed password [B]using BCrypt[/B](also let me know if Bcrypt is safe) into database and verify the password when user login.

Register Page

Username:.........
Password:........

SAVEBUTTON

Please provide the code to store Username and password in sql database [B]using BCrypt[/B]

Username: ...................
Password : .....................

LOGINBUTTON

Provide code to verify the password with the one stored in database.

Thanks & Regards,
Prathap
Posted
Updated 9-Oct-12 8:58am
v4

 
Share this answer
 
Comments
Prathap Gangireddy 9-Oct-12 14:06pm    
Hi Marcus,

The link provided is quite useful as we do not need to write separate code for SALT value and then append to the Password.The code is also very easier to understand.

But due to the below code will there be any performance Issues due to iterations.

private static bool MatchSHA1(byte[] p1, byte[] p2)
{
bool result = false;
if (p1 != null && p2 != null)
{
if (p1.Length == p2.Length)
{
result = true;
for (int i = 0; i < p1.Length; i++)
{
if (p1[i] != p2[i])
{
result = false;
break;
}
}
Nelek 9-Oct-12 14:08pm    
So... what? Have you tried to ask in the forum at the bottom of that site? Maybe the autor will be able to help you better
Sergey Alexandrovich Kryukov 9-Oct-12 15:36pm    
Right, so what? Using SHA-1 is bad -- please see my answer where I explain what to do instead.
--SA
fjdiewornncalwe 9-Oct-12 14:14pm    
Just do everything the way Griff explains in the tip. It works, it's solid and you won't have any performance issues.
Prathap Gangireddy 9-Oct-12 14:15pm    
Thank you Marcus.
[In reply to the OP's comment to Solution 1:]

No, don't use SHA1 (or MD5) for any security purposes — they are found broken. Please read:
http://en.wikipedia.org/wiki/Sha1[^],
http://en.wikipedia.org/wiki/MD5[^].

The most used reliable and secure cryptographic hash function would be one from the SHA-2 family:
http://en.wikipedia.org/wiki/Cryptographic_hash_function[^],
http://en.wikipedia.org/wiki/SHA-2[^].

And you don't need to implement it by yourself. You can use the implementation available in .NET:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm.aspx[^].

Of course, this is if you can use .NET or Mono, for platforms other than Windows:
http://en.wikipedia.org/wiki/Mono_%28software%29[^],
http://www.mono-project.com/Main_Page[^].

With Mono, you can always get the source code of SHA-2 or other algorithms and use it the way you want, even translate to other languages. I'm almost sure you will be able to find implementation for a language you use.

It was a bad idea not to tag your platform and languages; this can badly limit our help. I suggest next time you tag and indicate all relevant information.

Good luck,
—SA
 
Share this answer
 
v2
Comments
fjdiewornncalwe 9-Oct-12 15:37pm    
+5. A very comprehensive answer. I agree totally with the "Do not use SHA1" philosophy, but because Griff's tip so perfectly answered the OP's question, I figured I had to point them there. Cheers.
Sergey Alexandrovich Kryukov 9-Oct-12 15:55pm    
Yes, you do it right of course. I just have my own way to explain such things, even more detailed than that article, only dispersed in several past answers. I also explain one-way functions and the process of authentication, but OP seems to understand that already. :-)

Thank you, Marcus.
--SA
Nelek 9-Oct-12 15:52pm    
+5
Sergey Alexandrovich Kryukov 9-Oct-12 15:55pm    
Thank you, Nelek.
--SA

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900