accessing hashed password

Question

I am hashing password together with a user login and saving it in the database as VARBINARY 20 bytes long.

Now, I am trying to build Login page in asp.net. How can I source the password value from database to compare it with the one provided by the user? I use SqlDataReader to read the database.

Regards,

Bartosz

Answer 1

As RB. said, you retrieve the hashed passed from the database. Then you take the password provided by the user and hash it using the same hashing algorithm you used previously. If the hashcode from the database matches the hashcode for the user entered password, then the password is correct.

Answer 2

You need to store these in a table containing a column with the Username in clear text so you can get the hash according to the User trying to login. and compare the hashed input with the hashed stored one.

Answer 3

you create a hash (with same same algorithm as used to create the initial hash) over the password the user enters and search in the db if the hash is the same as the initial hash --> is yes it was the same password

the idea of the hash is to have a unreturnable function --> you can check if its the same, but you will never be able to reconstruct the input data.

Answer 4

You don't unhash the database password and compare it to the input.

You hash the input and compare it to the password. If the two hashes match, you assume it's the same password¹.

¹Technically, depending on your hash function, it might not be, as the user could have randomly entered a password which hashes to the same value as the real password, but that's being pedantic ;)