TECHNOLOGIES
FORUMS
JOBS
BOOKS
EVENTS
INTERVIEWS
Live
MORE
LEARN
Training
CAREER
MEMBERS
VIDEOS
NEWS
BLOGS
Sign Up
Login
No unread comment.
View All Comments
No unread message.
View All Messages
No unread notification.
View All Notifications
Answers
Post
An Article
A Blog
A News
A Video
An EBook
An Interview Question
Ask Question
Forums
Monthly Leaders
Forum guidelines
zanyar halabjay
NA
6
2.1k
pbkdf2 problem when compare password with the hash on mysql
Nov 14 2019 11:40 AM
i have a problem when i want to compare my password with that password that hashed in mysql database and always say incorrect while i login it is my code for hashing and comparing:
class
Hashing
{
const
int
salt_size = 32;
const
int
hash_size = 32;
const
int
iteration = 167319;
public
static
string
Generate(
string
password)
{
var salt =
new
byte
[salt_size];
using
(RNGCryptoServiceProvider rng =
new
RNGCryptoServiceProvider()) {
rng.GetBytes(salt);
}
using
(Rfc2898DeriveBytes pbkdf2 =
new
Rfc2898DeriveBytes(password, salt, iteration))
{
byte
[] hash = pbkdf2.GetBytes(salt_size);
return
Convert.ToBase64String(salt) +
"|"
+ iteration +
"|"
+ Convert.ToBase64String(hash);
}
}
public
static
bool
isCorrect(
string
pass,
string
hash)
{
string
[] hashsplit = hash.Split(
'|'
);
byte
[] salt = Convert.FromBase64String(hashsplit[0]);
int
iteration = Int32.Parse(hashsplit[1]);
string
hashed = hashsplit[2];
using
(Rfc2898DeriveBytes pbkdf2 =
new
Rfc2898DeriveBytes(pass,salt,iteration))
{
byte
[] Hash = pbkdf2.GetBytes(salt_size);
if
(hashed == Convert.ToBase64String(Hash))
{
return
true
;
}
else
{
return
false
;
}
}
}
}
and this code is for checking username and password from mysql:
class
Lg : Msql_connection
{
private
string
username {
set
;
get
; }
private
string
pass {
set
;
get
; }
public
bool
validate_Login(
string
username,
string
pass)
{
bool
check =
false
;
MySqlDataReader mdr;
MySqlDataReader mdr2;
MySqlDataReader mdr3;
string
passw =
""
;
using
(MySqlCommand mcmd3 =
new
MySqlCommand())
{
mcmd3.CommandText =
"select password from login"
;
mcmd3.Connection = msc;
msc.Close();
msc.Open();
mdr3 = mcmd3.ExecuteReader();
if
(mdr3.Read())
{
passw = mdr3[
"password"
].ToString();
}
msc.Close();
}
using
(MySqlCommand mcmd2 =
new
MySqlCommand())
{
mcmd2.CommandText =
"select hid,attempt,time from login_attempt"
;
mcmd2.Connection = msc;
msc.Close();
msc.Open();
mdr2 = mcmd2.ExecuteReader();
if
(mdr2.Read()&&
int
.Parse(mdr2[
"attempt"
].ToString()) < 4)
{
using
(MySqlCommand mcmd =
new
MySqlCommand())
{
mcmd.CommandText =
"select username,password from login where binary username=@user and password=@pass"
;
mcmd.Connection = msc;
msc.Close();
msc.Open();
mcmd.Parameters.Add(
"@user"
, MySqlDbType.VarChar).Value =
this
.username=username;
mcmd.Parameters.Add(
"@pass"
, MySqlDbType.Text).Value =
this
.pass = Hashing.isCorrect(pass, passw).ToString();
mdr = mcmd.ExecuteReader();
if
(mdr.HasRows)
{
if
(mdr.Read())
{
reset_Attempt();
MessageBox.Show(
"correct"
);
check =
true
;
}
}
else
{
check =
false
;
update_Attempt();
MessageBox.Show(
"incorrect"
);
}
}
}
else
if
(
int
.Parse(mdr2[
"attempt"
].ToString()) >= 4)
{
check =
false
;
MessageBox.Show(
"You have been restrict"
);
set_time();
}
}
msc.Close();
return
check;
}
}
Reply
Answers (
0
)
How to mange multiple logins for same user ASP.NET MVC
Implement Cross Site Request Forgery