Placement of hash/salt code in ASP.NET project?

Question

Blueie 13 Junior Poster

9 Years Ago

Hello

I have some hash and salt code I intend to try out (not used it before) but I am not sure of a couple of things. I have a new
user aspx Register form page and a Log-in form. Do I use the hash and salt code on both the Register.aspx.vb page and Log-in aspx.vb page and, in the MS Access database I am using, whereas plain text would be in my three database columns as: email: 'j.brown@whatever.com', the username as 'jbrown', and the password as 'mypassword' would the salt and hash code insert instead something like the following: email: 'j.brown@whatever.com', username as 'jbrown', and the password as: roKMJYrGEKrp8z5Mah7J2T0cHcMAkZmxT6hplA3i1zTjidv0h.

Is that how it works?

Thank you.

asp.net

3 Contributors
4 Replies
289 Views
15 Hours Discussion Span
Latest Post 9 Years Ago Latest Post by Blueie

JorgeM 958 Problem Solver

9 Years Ago

Yes, i would think if you are interested in securing your passwords in the database table, you wouldnt want to store the plain text equivalent. What would the point be using hash and salt then?

You would store the hash/salt value in your db. When you authenticate a user, you apply the hash/salt, then query your record in the table, then simply compare the results. if they are the same, the user provided the correct password. If they are different, the password that the user entered was not the same password that is stored in the record.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Blueie 13 Junior Poster · Answer 1 · 2014-12-06T08:18:07+00:00

Thanks for that, Jorge. Isn't the hash/salt value stored in the database table when the user first registers - that is, with the hash/salt code applied to Reister.aspx.vb, and then later authenticated using the login form (Login.aspx)?

Thanks again.

deceptikon 1,790 Code Sniper Team Colleague Featured Poster · Answer 2 · 2014-12-06T10:37:28+00:00

Isn't the hash/salt value stored in the database table when the user first registers

Yes. When the user registers, you generate the salted hash and store it in the database. When the user logs in, you do more or less the same thing with entered credentials and compare with the stored hash to authenticate. At no point should a password be directly stored in the database, either plain text or merely encrypted.

Blueie 13 Junior Poster · Answer 3 · 2014-12-06T17:07:07+00:00

That's great, thanks for letting me know. I will try the code by adding it to both the Register.aspx.vb and Login.aspx.vb files.

Cheers.