Member Avatar for gahhon

Hashing Method

        // If the two SHA1 hashes are the same, returns true.
        // Otherwise returns false.
        private static bool MatchSHA1(byte[] p1, byte[] p2)
        {
            bool result = true;
            if (p1 != null && p2 != null)            
                if (p1.Length == p2.Length)                
                    for (int i = 0; i < p1.Length; i++)                    
                        if (p1[i] != p2[i])
                        {
                            result = false;
                            break;
                        }                 
            return result;
        }

        // Returns the SHA1 hash of the combined userID and password.
        private static byte[] GetSHA1(string userID, string password)
        {
            SHA1CryptoServiceProvider sha = new SHA1CryptoServiceProvider();
            return sha.ComputeHash(Encoding.ASCII.GetBytes(userID + password));
        }

Registration

        protected void RegistrationMember(object sender, LoginCancelEventArgs e)
        {
            TextBox txtID = (TextBox)cuwRegistration.CreateUserStep.ContentTemplateContainer.FindControl("UserName");
            TextBox txtPass = (TextBox)cuwRegistration.CreateUserStep.ContentTemplateContainer.FindControl("Password");
            TextBox txtEmail = (TextBox)cuwRegistration.CreateUserStep.ContentTemplateContainer.FindControl("Email");

            if (!checkDuplicateUsername(txtID.Text))
            {
                byte[] EncryptedPassword = GetSHA1(txtID.Text, txtPass.Text);
                SqlConnection conRegister = new SqlConnection(ConfigurationManager.ConnectionStrings["connMSJ"].ConnectionString);
                SqlCommand cmdRegister;
                conRegister.Open();
                cmdRegister = new SqlCommand("INSERT INTO Member VALUES (@ID, @Pass, @Email)", conRegister);
                cmdRegister.Parameters.AddWithValue("@ID", txtID.Text);
                cmdRegister.Parameters.AddWithValue("@Pass", EncryptedPassword);
                cmdRegister.Parameters.AddWithValue("@Email", txtEmail.Text);
                cmdRegister.ExecuteNonQuery();
                conRegister.Close();
                e.Cancel = true;
            }
            Response.Redirect("~/Guest.aspx");
        }

Result
04ab907e17e5d7b64e074544fe969dfa

For the database, i declared password data type as varbinary(50)
and i learn this hashing method through this web PasswordStorage

Please kindly reply me, your help is needed. Thanks for advanced.

  • 1 Contributor
  • 2 Replies
  • 176 Views
  • 3 Days Discussion Span
  • Latest Post Latest Post by gahhon
Member Avatar for gahhon

Anyone give me a hands? Password encryption is a very good security to the users. (Hashing to encrypt)

Member Avatar for gahhon 
protected string GetSHA1(string userID, string password)
{
    return FormsAuthentication.HashPasswordForStoringInConfigFile(userID + password, "SHA1");            
}

This is easier way to encrypted your password by using hashing method.
Only hashing password is much more lower the security, thus i combine the id and password together hash them and returning those Non-understand words

Sharing is caring. Enjoy Coding
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.