c# sha256 compute password hash by using username as salt

Question

I am trying to compute password hash with username as a salt. I have stored password_hash and password_salt in MySQL database.

-- Generate salt
SET @salt = UNHEX(SHA2(UUID(), 256));

-- Create user and hash password with salt
INSERT INTO users (username, password_salt, password_hash)
  VALUES ('ajay', @salt, UNHEX(SHA2(CONCAT('ajay123', HEX(@salt)), 256)));

By using above method I insert the value in database. Now I am trying to login to my site by username and password but I have a problem in authenticating to user. I am trying to compute hash of password in c# but I am getting wrong one. I have tried following code.

 byte[] ComputedHashpass = ComputeHash("ajay", "ajay123");            
 var result = ComputedHashpass.SequenceEqual(passHash);

  public static byte[] ComputeHash(string salt,string password)
   {
       // Convert plain text into a byte array.
       byte[] plainTextBytes = Encoding.UTF8.GetBytes(password);
       byte[] saltBytes = Encoding.UTF8.GetBytes(salt);

       SHA256Managed hash = new SHA256Managed();

       // Compute hash value of salt.
       byte[] plainHash = hash.ComputeHash(plainTextBytes);

       byte[] concat = new byte[plainHash.Length + saltBytes.Length];

       System.Buffer.BlockCopy(saltBytes, 0, concat, 0, saltBytes.Length);
       System.Buffer.BlockCopy(plainHash, 0, concat, saltBytes.Length, plainHash.Length);

       byte[] tHashBytes = hash.ComputeHash(concat);

       // Convert result into a base64-encoded string.
       //string hashValue = Convert.ToBase64String(tHashBytes);

       // Return the result.
       //return hashValue;
       return tHashBytes;
   }

UPDATED METHOD

   public static byte[] ComputeHash(string salt,string password)
   {
       // Convert plain text into a byte array.
       byte[] plainTextBytes = Encoding.UTF8.GetBytes(password);
       byte[] saltBytes = Encoding.UTF8.GetBytes(salt);

       SHA256Managed hash = new SHA256Managed();

       // Compute hash value of salt.
       //byte[] plainHash = hash.ComputeHash(plainTextBytes);

       // Compute hash value of salt.
       byte[] saltHash = hash.ComputeHash(saltBytes);
       byte[] concat = new byte[plainTextBytes.Length + saltHash.Length];
       System.Buffer.BlockCopy(plainTextBytes, 0, concat, 0, plainTextBytes.Length);
       System.Buffer.BlockCopy(saltHash, 0, concat, plainTextBytes.Length, saltHash.Length);


       //byte[] concat = new byte[plainHash.Length + saltBytes.Length];

       //System.Buffer.BlockCopy(saltBytes, 0, concat, 0, saltBytes.Length);
       //System.Buffer.BlockCopy(plainHash, 0, concat, saltBytes.Length, plainHash.Length);

       byte[] tHashBytes = hash.ComputeHash(concat);

       // Convert result into a base64-encoded string.
       //string hashValue = Convert.ToBase64String(tHashBytes);

       // Return the result.
       //return hashValue;
       return tHashBytes;
   }

Here I used salt as username. Can some one help me to solve this. How can I compute the hash password?

I want to do following steps.

To check whether a username/password combination is valid:

1: Query the salt using the entered username
2: Apply the hash function to the password and salt
3: Compare the result against the stored hash

c# sha256 compute password hash by using username as salt

Answers (1)

Related Questions