Hi All,

Can anyone please let me know how to store a hashed password using BCrypt (also let me know if BCrypt is safe) in a database and verify the password when the user logs in?

Register Page

Please provide the code to store the username and password in a SQL database using BCrypt.

Username: ...................
Password : .....................


Provide code to verify the password with the one stored in database.

Thanks & Regards,
Posted 9-Oct-12 7:52am
Updated 9-Oct-12 7:58am

Solution 1

nkkppp 9-Oct-12 14:06pm
Hi Marcus,

The link provided is quite useful, as we do not need to write separate code for the salt value and then append it to the password. The code is also very easy to understand.

But will the code below cause any performance issues due to the iterations?

    private static bool MatchSHA1(byte[] p1, byte[] p2)
    {
        // True only when both hashes are non-null, equal in length and identical byte for byte.
        bool result = false;
        if (p1 != null && p2 != null)
            if (p1.Length == p2.Length)
            {
                result = true;
                for (int i = 0; i < p1.Length; i++)
                    if (p1[i] != p2[i])
                        result = false;
            }
        return result;
    }
Nelek 9-Oct-12 14:08pm
So... what? Have you tried to ask in the forum at the bottom of that site? Maybe the author will be able to help you better.
Right, so what? Using SHA-1 is bad -- please see my answer where I explain what to do instead.
Marcus Kramer 9-Oct-12 14:14pm
Just do everything the way Griff explains in the tip. It works, it's solid and you won't have any performance issues.
nkkppp 9-Oct-12 14:15pm
Thank you Marcus.
nkkppp 9-Oct-12 15:26pm
Hi Marcus,

I have implemented the code and it works fine.
Right, a 5. I also added detail on algorithms to be used -- please see my answer.

Using SHA-1 (as OP tried to) or MD5 is bad for security.
nkkppp 9-Oct-12 15:37pm
Hi Sergey,

Even SHA-1 is outdated, so I am using SHA-512.
Exactly. If you look at my answer, you will see that I mentioned that. :-)
As the method of your code sample is named MatchSHA1, it suggests you tried SHA-1. SHA-512 is the right thing to use.

Solution 2

[In reply to the OP's comment to Solution 1:]

No, don't use SHA1 (or MD5) for any security purposes — they are found broken. Please read:[^],[^].

The most used reliable and secure cryptographic hash function would be one from the SHA-2 family:[^],[^].

And you don't need to implement it by yourself. You can use the implementation available in .NET:[^].

Of course, this is if you can use .NET or Mono, for platforms other than Windows:[^],[^].

With Mono, you can always get the source code of SHA-2 or other algorithms and use it the way you want, even translate it to other languages. I'm almost sure you will be able to find an implementation for the language you use.

It was a bad idea not to tag your platform and languages; this can badly limit our help. I suggest next time you tag and indicate all relevant information.

Good luck,
Marcus Kramer 9-Oct-12 15:37pm
+5. A very comprehensive answer. I agree totally with the "Do not use SHA1" philosophy, but because Griff's tip so perfectly answered the OP's question, I figured I had to point them there. Cheers.
Yes, you do it right of course. I just have my own way to explain such things, even more detailed than that article, only dispersed in several past answers. I also explain one-way functions and the process of authentication, but OP seems to understand that already. :-)

Thank you, Marcus.
Nelek 9-Oct-12 15:52pm
Thank you, Nelek.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
