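/// <summary>
/// Generates a random salt of <paramref name="size"/> bytes and derives a PBKDF2
/// hash of <paramref name="password"/> with it.
/// </summary>
/// <param name="size">Salt length in bytes.</param>
/// <param name="password">Plain-text password to hash.</param>
/// <returns>
/// A <c>HashSalt</c> whose <c>Hash</c> and <c>Salt</c> are the Base64 encodings of
/// the derived key and of the salt.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="password"/> is null (thrown by Rfc2898DeriveBytes).</exception>
/// <exception cref="ArgumentException">The salt is shorter than the 8 bytes Rfc2898DeriveBytes requires.</exception>
public HashSalt GenerateSaltedHash(int size, string password)
{
    var saltBytes = new byte[size];

    // Both crypto objects are IDisposable; the original never released them.
    using (var provider = new RNGCryptoServiceProvider())
    {
        provider.GetNonZeroBytes(saltBytes);
    }

    // NOTE(review): this constructor overload uses HMAC-SHA1, and 10000 iterations
    // is low by current PBKDF2 guidance. Requesting 256 bytes from a 20-byte PRF
    // makes legitimate hashing pay for every output block, while someone guessing
    // passwords only has to compute the first one. The parameters are left as they
    // are because the verification code (not visible here) must derive the same
    // value; raise the work factor and shorten the output together with a
    // rehash-on-login migration.
    byte[] hashBytes;
    using (var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, saltBytes, 10000))
    {
        hashBytes = rfc2898DeriveBytes.GetBytes(256);
    }

    return new HashSalt
    {
        Hash = Convert.ToBase64String(hashBytes),
        Salt = Convert.ToBase64String(saltBytes)
    };
}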
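/// <summary>
/// Inserts a new row into the <c>login</c> table holding the username together with
/// a freshly generated salt and password hash.
/// </summary>
/// <param name="newUsername">Username for the new account; must not be null, empty or whitespace.</param>
/// <param name="newPassword">Plain-text password; only its salted hash is stored.</param>
/// <exception cref="ArgumentException"><paramref name="newUsername"/> is null, empty or whitespace.</exception>
/// <exception cref="ArgumentNullException"><paramref name="newPassword"/> is null.</exception>
public void AddUser(string newUsername, string newPassword)
{
    // The original bound $"{newUsername}", which silently turns a null username
    // into an empty string and inserts it. Reject it before touching the database.
    if (string.IsNullOrWhiteSpace(newUsername))
    {
        throw new ArgumentException("Username must not be empty.", nameof(newUsername));
    }

    // A null password previously failed inside the key derivation, after the
    // connection was already open. Same exception type, raised up front.
    if (newPassword == null)
    {
        throw new ArgumentNullException(nameof(newPassword));
    }

    // Values are bound as parameters, never concatenated into the SQL text.
    const string addQry = "INSERT INTO login(username, salt, hash) VALUES (@username, @salt, @hash)";

    // Derive the hash before opening the connection so the deliberately slow
    // key derivation does not hold a database connection open.
    // NOTE(review): the result is kept in the hashSalt field as in the original;
    // confirm something reads it afterwards, otherwise a local avoids retaining
    // the last user's hash on the instance.
    hashSalt = hashSalt.GenerateSaltedHash(64, newPassword);

    using (var con = new SQLiteConnection(cs))
    {
        con.Open();

        using (var cmd = new SQLiteCommand(con))
        {
            cmd.CommandText = addQry;
            cmd.Parameters.AddWithValue("@username", newUsername);
            cmd.Parameters.AddWithValue("@salt", hashSalt.Salt);
            cmd.Parameters.AddWithValue("@hash", hashSalt.Hash);

            // TODO (from the original author): combine and concat salt and hash to make userID.
            // NOTE(review): an identifier built from the salt and hash would expose
            // credential material wherever the ID is logged, displayed or put in a
            // URL; prefer an independent key such as an autoincrement column or a GUID.
            cmd.Prepare();
            cmd.ExecuteNonQuery();
        }
    }
}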