gon250

Reputation: 3545

How can I get the salt of the hash algorithm that ASP.NET membership uses?

What I found is that the default hashing is SHA1, but they also salt it; you can take a look below:

public string EncodePassword(string pass, string salt)
{
    byte[] bytes = Encoding.Unicode.GetBytes(pass);
    byte[] src = Encoding.Unicode.GetBytes(salt);
    byte[] dst = new byte[src.Length + bytes.Length];
    Buffer.BlockCopy(src, 0, dst, 0, src.Length);
    Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
    HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
    byte[] inArray = algorithm.ComputeHash(dst);
    return Convert.ToBase64String(inArray);
}

I need the salt, so I guess it gets the salt from some place, some file like the web config, or it calculates the salt. I don't know.

How can I get the salt of the hash algorithm that ASP.NET membership uses?

Upvotes: 0

Views: 1216

Answers (1)

zspalotai

Reputation: 276

You can read the corresponding salt value for each password from the aspnet_Membership table.

From the Membership Providers documentation (https://msdn.microsoft.com/en-us/library/aa478949.aspx):

The salt is a random 128-bit value generated by the .NET Framework's RNGCryptoServiceProvider class. Each password/password answer pair is salted with this unique value, and the salt is stored in the aspnet_Membership table's PasswordSalt field. The result of hashing the password and the salt is stored in the Password field.

Upvotes: 2
