none
Password Hashing

    Question

  • I've created a screen to update user login credentials and cannot get my hashed password calculation to match the built in LightSwitch hashing.

    When I pass the same passsword and salt to the following function it returns a different hash that what LS creates when I use the built in user form. I've tried all the hashing algorithms and none of them match. It should be using the default "SHA1" hash. 

           Private Function ComputeHash2(pass As String, hashAlgor As String, salt As String)

                Try

                    Dim bytes = Encoding.Unicode.GetBytes(pass)

                    Dim bSalt = Convert.FromBase64String(salt)

                    Dim dst(bSalt.Length + bytes.Length) As Byte

     

                    Dim inArray As Byte() = Nothing

     

                    Dim hash As HashAlgorithm

                    If String.IsNullOrEmpty(hashAlgor) Then hashAlgor = ""

                    Select Case hashAlgor

                        Case "SHA1" : hash = New SHA1Managed

                        Case "SHA256" : hash = New SHA256Managed

                        Case "SHA384" : hash = New SHA384Managed

                        Case "SHA512" : hash = New SHA512Managed

                        Case Else : hash = New MD5CryptoServiceProvider

                    End Select

     

                    Buffer.BlockCopy(bSalt, 0, dst, 0, bSalt.Length)

                    Buffer.BlockCopy(bytes, 0, dst, bSalt.Length, bytes.Length)

     

                    inArray = hash.ComputeHash(dst)

                    Dim hashValue As String = Convert.ToBase64String(inArray)

                    Return hashValue

                Catch ex As Exception

                    EnvLog.WriteEntry("ComputeHash: " & ex.ToString, EventLogEntryType.Error)

                End Try

     

            End Function

     

    Has anyone been able to duplicate the LightSwitch hashing?

    Thanks

    Saturday, January 21, 2012 7:17 PM

Answers

All replies