Syed Waqas

Reputation: 862

How to verify HMACSHA256 hashed password with salt

I have a table with usernames, hashed passwords and their salts. Now in my application I want to verify the plain password against the hashed one. Below is what I tried, but it does not generate the same hash. Please suggest how I can solve this problem.

byte[] bIn = Encoding.Unicode.GetBytes(Password);
byte[] bSalt = Convert.FromBase64String(SaltValue);
byte[] bAll = new byte[bSalt.Length + bIn.Length];

Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length);
Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length);

HMACSHA256 s = new HMACSHA256();

return Convert.ToBase64String(s.ComputeHash(bAll));

Upvotes: 0

Views: 2634

Answers (1)

JMan

Reputation: 2629

You should create one method to hash a password with a salt. Then use this method to encrypt the initial password. If you reuse this method when verifying the password afterwards, it will always match.

Make sure you retrieved the correct salt from your database for the account.

Upvotes: 2
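The single-method approach from the answer, as an added example that is not code from either poster. It also shows why the code in the question never reproduces a hash: `new HMACSHA256()` with no argument generates a random key for each instance. Using the salt as the HMAC key and the names `PasswordHasher`, `Hash` and `Verify` are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PasswordHasher
{
    // One routine for both enrolment and verification.
    // Assumption: the salt is the HMAC key and the password is the message.
    public static string Hash(string password, string saltBase64)
    {
        byte[] salt = Convert.FromBase64String(saltBase64);
        byte[] pwd = Encoding.Unicode.GetBytes(password); // UTF-16LE, as in the question
        // Pass the key explicitly: the parameterless constructor generates a
        // random key per instance, so its output cannot be reproduced later.
        using (var hmac = new HMACSHA256(salt))
        {
            return Convert.ToBase64String(hmac.ComputeHash(pwd));
        }
    }
    public static bool Verify(string password, string saltBase64, string storedHashBase64)
    {
        byte[] expected = Convert.FromBase64String(storedHashBase64);
        byte[] actual = Convert.FromBase64String(Hash(password, saltBase64));
        // Constant-time comparison avoids leaking how many leading bytes matched.
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample data: a fresh 16-byte salt and a made-up password.
        byte[] saltBytes = new byte[16];
        RandomNumberGenerator.Fill(saltBytes);
        string salt = Convert.ToBase64String(saltBytes);
        string stored = PasswordHasher.Hash("correct horse", salt);
        Console.WriteLine(PasswordHasher.Verify("correct horse", salt, stored));
        Console.WriteLine(PasswordHasher.Verify("wrong guess", salt, stored));
        // Two parameterless instances hold different random keys.
        byte[] data = Encoding.Unicode.GetBytes("correct horse");
        using (var a = new HMACSHA256())
        using (var b = new HMACSHA256())
        {
            Console.WriteLine(Convert.ToBase64String(a.ComputeHash(data)) ==
                              Convert.ToBase64String(b.ComputeHash(data)));
        }
    }
}
```

If the rows already in the table were produced by a different construction (for example a fixed application key with the salt prepended to the password), `Hash` has to reproduce that construction exactly. For a new password store, a deliberately slow key-derivation function such as PBKDF2 (`Rfc2898DeriveBytes`) is the usual choice over a single HMAC pass.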
