I already have a better hash working for passwords on the site that uses a unique salt value and repeats the hash 10,000 times:
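using System.Security.Cryptography;

// Derives a 256-byte PBKDF2 hash from the password, using a new random
// 32-byte salt and 10,000 iterations. The salt is returned for storage.
public static byte[] Encode( string password, out byte[] salt )
{
    using ( Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes( password, 32, 10000 ) )
    {
        salt = rdb.Salt;
        return rdb.GetBytes( 256 );
    }
}

// Re-derives the hash with the stored salt and compares it to the stored hash.
public static bool ValidatePassword( string password,
                                     byte[] storedSalt,
                                     byte[] encPassword )
{
    using ( Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes( password, storedSalt, 10000 ) )
    {
        byte[] passwordEnc = rdb.GetBytes( 256 );
        // Equals( a, b ) on two arrays compares references, not contents, so it
        // is false for any two separate arrays. Compare the bytes instead, and
        // do not exit early on the first mismatch.
        if ( encPassword == null || encPassword.Length != passwordEnc.Length )
            return false;
        int diff = 0;
        for ( int i = 0; i < passwordEnc.Length; i++ )
            diff |= encPassword[i] ^ passwordEnc[i];
        return diff == 0;
    }
}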
At the moment, I'm having some difficulty getting a Base64 string in the correct format, but once I get that issue solved (over the next two or three days), I'll post those two methods here just like I did for the two that are working as designed.