Password Hashing


  • I've created a screen to update user login credentials and cannot get my hashed password calculation to match the built in LightSwitch hashing.

    When I pass the same passsword and salt to the following function it returns a different hash that what LS creates when I use the built in user form. I've tried all the hashing algorithms and none of them match. It should be using the default "SHA1" hash. 

           Private Function ComputeHash2(pass As String, hashAlgor As String, salt As String)


                    Dim bytes = Encoding.Unicode.GetBytes(pass)

                    Dim bSalt = Convert.FromBase64String(salt)

                    Dim dst(bSalt.Length + bytes.Length) As Byte


                    Dim inArray As Byte() = Nothing


                    Dim hash As HashAlgorithm

                    If String.IsNullOrEmpty(hashAlgor) Then hashAlgor = ""

                    Select Case hashAlgor

                        Case "SHA1" : hash = New SHA1Managed

                        Case "SHA256" : hash = New SHA256Managed

                        Case "SHA384" : hash = New SHA384Managed

                        Case "SHA512" : hash = New SHA512Managed

                        Case Else : hash = New MD5CryptoServiceProvider

                    End Select


                    Buffer.BlockCopy(bSalt, 0, dst, 0, bSalt.Length)

                    Buffer.BlockCopy(bytes, 0, dst, bSalt.Length, bytes.Length)


                    inArray = hash.ComputeHash(dst)

                    Dim hashValue As String = Convert.ToBase64String(inArray)

                    Return hashValue

                Catch ex As Exception

                    EnvLog.WriteEntry("ComputeHash: " & ex.ToString, EventLogEntryType.Error)

                End Try


            End Function


    Has anyone been able to duplicate the LightSwitch hashing?


    Saturday, January 21, 2012 7:17 PM


All replies