i have a problem when i want to compare my password with that password that hashed in mysql database and always say incorrect while i login it is my code for hashing and comparing: class Hashing { const int salt_size = 32; const int hash_size = 32; const int iteration = 167319; public static string Generate( string password) { var salt = new byte [salt_size]; using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider()) { rng.GetBytes(salt); } using (Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt, iteration)) { byte [] hash = pbkdf2.GetBytes(salt_size); return Convert.ToBase64String(salt) + "|" + iteration + "|" + Convert.ToBase64String(hash); } } public static bool isCorrect( string pass, string hash) { string [] hashsplit = hash.Split( '|' ); byte [] salt = Convert.FromBase64String(hashsplit[0]); int iteration = Int32.Parse(hashsplit[1]); string hashed = hashsplit[2]; using (Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(pass,salt,iteration)) { byte [] Hash = pbkdf2.GetBytes(salt_size); if (hashed == Convert.ToBase64String(Hash)) { return true ; } else { return false ; } } } } and this code is for checking username and password from mysql: class Lg : Msql_connection { private string username { set ; get ; } private string pass { set ; get ; } public bool validate_Login( string username, string pass) { bool check = false ; MySqlDataReader mdr; MySqlDataReader mdr2; MySqlDataReader mdr3; string passw = "" ; using (MySqlCommand mcmd3 = new MySqlCommand()) { mcmd3.CommandText = "select password from login" ; mcmd3.Connection = msc; msc.Close(); msc.Open(); mdr3 = mcmd3.ExecuteReader(); if (mdr3.Read()) { passw = mdr3[ "password" ].ToString(); } msc.Close(); } using (MySqlCommand mcmd2 = new MySqlCommand()) { mcmd2.CommandText = "select hid,attempt,time from login_attempt" ; mcmd2.Connection = msc; msc.Close(); msc.Open(); mdr2 = mcmd2.ExecuteReader(); if (mdr2.Read()&& int .Parse(mdr2[ "attempt" ].ToString()) { using (MySqlCommand mcmd = new MySqlCommand()) { mcmd.CommandText = "select username,password from login where binary username=@user and password=@pass" ; mcmd.Connection = msc; msc.Close(); msc.Open(); mcmd.Parameters.Add( "@user" , MySqlDbType.VarChar).Value = this .username=username; mcmd.Parameters.Add( "@pass" , MySqlDbType.Text).Value = this .pass = Hashing.isCorrect(pass, passw).ToString(); mdr = mcmd.ExecuteReader(); if (mdr.HasRows) { if (mdr.Read()) { reset_Attempt(); MessageBox.Show( "correct" ); check = true ; } } else { check = false ; update_Attempt(); MessageBox.Show( "incorrect" ); } } } else if ( int .Parse(mdr2[ "attempt" ].ToString()) >= 4) { check = false ; MessageBox.Show( "You have been restrict" ); set_time(); } } msc.Close(); return check; } }

Answer

pbkdf2 problem when compare password with the hash on mysql

zanyar halabjay

1.3k

i have a problem when i want to compare my password with that password that hashed in mysql database and always say incorrect while i login it is my code for hashing and comparing:

class Hashing
{
const int salt_size = 32;
const int hash_size = 32;
const int iteration = 167319;
public static string Generate(string password)
{
var salt = new byte[salt_size];
using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider()) {
rng.GetBytes(salt);
}
using (Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(password, salt, iteration))
{
byte[] hash = pbkdf2.GetBytes(salt_size);
return Convert.ToBase64String(salt) + "|" + iteration + "|" + Convert.ToBase64String(hash);
}
}
public static bool isCorrect(string pass,string hash)
{
string[] hashsplit = hash.Split('|');
byte[] salt = Convert.FromBase64String(hashsplit[0]);
int iteration = Int32.Parse(hashsplit[1]);
string hashed = hashsplit[2];
using (Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(pass,salt,iteration))
{
byte[] Hash = pbkdf2.GetBytes(salt_size);
if (hashed == Convert.ToBase64String(Hash))
{
return true;
}
else
{
return false;
}
}
}
}

and this code is for checking username and password from mysql:

class Lg : Msql_connection
{
private string username { set; get; }
private string pass { set; get; }
public bool validate_Login(string username, string pass)
{
bool check = false;
MySqlDataReader mdr;
MySqlDataReader mdr2;
MySqlDataReader mdr3;
string passw = "";
using (MySqlCommand mcmd3 = new MySqlCommand())
{
mcmd3.CommandText = "select password from login";
mcmd3.Connection = msc;
msc.Close();
msc.Open();
mdr3 = mcmd3.ExecuteReader();
if (mdr3.Read())
{
passw = mdr3["password"].ToString();
}
msc.Close();
}
using (MySqlCommand mcmd2 = new MySqlCommand())
{
mcmd2.CommandText = "select hid,attempt,time from login_attempt";
mcmd2.Connection = msc;
msc.Close();
msc.Open();
mdr2 = mcmd2.ExecuteReader();
if (mdr2.Read()&&int.Parse(mdr2["attempt"].ToString()) < 4)
{
using (MySqlCommand mcmd = new MySqlCommand())
{
mcmd.CommandText = "select username,password from login where binary username=@user and password=@pass";
mcmd.Connection = msc;
msc.Close();
msc.Open();
mcmd.Parameters.Add("@user", MySqlDbType.VarChar).Value = this.username=username;
mcmd.Parameters.Add("@pass", MySqlDbType.Text).Value = this.pass = Hashing.isCorrect(pass, passw).ToString();
mdr = mcmd.ExecuteReader();
if (mdr.HasRows)
{
if (mdr.Read())
{
reset_Attempt();
MessageBox.Show("correct");
check = true;
}
}
else
{
check = false;
update_Attempt();
MessageBox.Show("incorrect");
}
}
}
else if (int.Parse(mdr2["attempt"].ToString()) >= 4)
{
check = false;
MessageBox.Show("You have been restrict");
set_time();
}
}
msc.Close();
return check;
}
}

Next Recommended Forum

How to mange multiple logins for same user ASP.NET MVC

Implement Cross Site Request Forgery

Forum Statistics

Please welcome our newest member Srikonda Bhargava Varma.
3,081,467 users have contributed to 147,418 threads and 483,470
In the past 24 hours, we have 5 new threads, 12 new posts, and 27 new users.
In last week, the most popular thread is 'c#.net listbox update problem'.

Upcoming events

View all