Hashed Passwords

joe_pool_is · Sep 14, 2005

I found a neat little command for encrypting passwords on my forms before storing them in my databases: HashPasswordForStoringInConfigFile, and I use it as such:

Code:

strPwd1 = 
FormsAuthentication.HashPasswordForStoringInConfigFile(txtPwd1.Text, "sha1");

This does a wonderful job of turning any password into a large string of garble, but how do I convert it back into something usable so that I can compare my Visitors' passwords with what I have stored? I tried using

Code:

strPwd2 = 
FormsAuthentication.HashPasswordForStoringInConfigFile(txtPwd2.Text, "sha1");
if (strPwd1 == strPwd2) {
// do stuff
} else {
// puke!
}

to compare what they punch in with what I have in the database, but it pukes every time!

PlausiblyDamp · Sep 15, 2005

You don't. Hashing is a one way thing - this aids security because nobody can get a password back from a hash.
If someone enters a password you need to hash that and then compared the new hash against the stored hash.

joe_pool_is · Sep 15, 2005

Ah! Okay, I guess that makes sense. Thanks.

cyrilgupta · Sep 19, 2005

Hashing

joe_pool_is said:
Ah! Okay, I guess that makes sense. Thanks.

I think hashing makes perfect sense if you wish to protect your customers from your own employees. PHP has a similar function.

Hashed Passwords

joe_pool_is

Contributor

PlausiblyDamp

Administrator

joe_pool_is

Contributor

cyrilgupta

Newcomer