How to Store salt and hashed password Database in C#

Question

My login function in ASP.Net Web application i planed to go for a better security way so i have googled a lot and finally I found: CrackStation.net. It was really amazing.. the question is they didn't mention how to store salt and hashed password in database. Here is a the code found on Crack Station. I also have a DotNetFiddle Snippet you can run in your browser.

i want to know how to store password in database (slat and hash both concatenate and save in one column) or (each in different columns such as salt is salt column and hash is hash column)...

Please step by step explain the password salting and hashing processing up to save in database and retrieve from database and varify...

Is salt and hash are a same?

At what time we generate salt (random salt)? Why we save salt in separate column in sql database?? Saved salt in database column at which time we need to use?

Please clearly mention. (Any source code examples.)

Thank you.

Answer 1

Am not sure this what you want.

Just to show you an example am answering this

;WITH cte
     AS (SELECT 1 AS rn
         UNION ALL
         SELECT rn + 1
         FROM   cte
         WHERE  rn < 3) -- Count
SELECT id
FROM   cte
       CROSS JOIN (SELECT 1003 id) B 

Answer 2

1. It doesn't make much of a difference, you can have salt and hash in seperate columns, or concatenate them and put them in one column (clarification). Having them in seperate columns is easier.
2. You create the salt before you calculate the hash.

To verify that a password is correct:

• Transmit the candidate password (CP) to your server over a secure channel
• Retrieve the hash (H) and the salt (S) from the database.
• Calculate a candidate hash (CH) using the candidate password (CP) and the salt (S)
• Compare the candidate hash (CH) with the hash (H)

Make sure that no hash or salt is ever transmitted to the client.