Saturday, September 10, 2011

Working on Encryption/Decryption for the site

I already have a better hash working for passwords on the site that use a unique salt value and repeat the hash 10,000 times:

public static byte[] Encode( string password, out byte[] salt )
Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes( password,
32, 10000 );
salt = rdb.Salt;
return rdb.GetBytes( 256 );

public static bool ValidatePassword( string password,
byte[] storedSalt,
byte[] encPassword )
Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes( password,
10000 );
byte[] passwordEnc = rdb.GetBytes( 256 );
return Equals( encPassword, passwordEnc );

At the moment, I'm having some difficulty getting a Base64 string in the correct format, but once I get that issue solved (over the next two or three days), I'll post those two methods here just like I did for the two that are working as designed.

No comments:

Post a Comment