Password Hashing and User Authentication

Guest

Thanks for your time.

When a hashed password is stored in a db - how should it appear in the table?

In the MySQL table I'm using to store username and passwords, it appears as
system.byte[]. The data type is defined as varchar(16), binary. The field
is not behaving as it should during authentication - as long as I enter a
valid username, the system authenticates me despite a correct or incorrect
password value. Below is the code I'm using to hash the password and save
the password to the MySQL table:

Dim md5Hasher As New MD5CryptoServiceProvider
Dim hashedBytes As Byte()
Dim encoder As New UTF8Encoding

hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPwd.Text))

With da.InsertCommand

    .Connection = sqlconStBarts
    .Parameters.Item("usr").Value = txtUsr.Text
    .Parameters.Item("pwd").Value = hashedBytes

    db.Open()
    .ExecuteNonQuery()
    db.Close()

End With

Below is the code I'm using for authentication:

Dim md5Hasher As New MD5CryptoServiceProvider
Dim hashedBytes As Byte()
Dim encoder As New UTF8Encoding

hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPassword.Text))

With sqldaSecurity.SelectCommand
    .Connection = sqlcon
    .Parameters.Item("user").Value = txtUser.Text
    .Parameters.Item("pwd").Value = hashedBytes
    sqlcon.Open()

    If sqldaSecurity.SelectCommand.ExecuteScalar() = "true" Then
        sqlcon.Close()
        Session.Add("ip_address", Request.UserHostAddress)
        Session.Add("user_id", txtUser.Text)
        Response.Redirect("AdminDefault.aspx")
    Else
        lblErr.Visible = True
        sqlcon.Close()
    End If

End With