/// <summary>
/// Builds the byte blob stored for a password: a newly created salt followed
/// directly by the salted hash of the password.
/// </summary>
/// <param name="passwordStr">Password text; it is encoded as UTF-8 before hashing.</param>
/// <returns>
/// A new array holding the salt bytes first and the hash bytes after them.
/// Everything stays as raw bytes; no Base64 or other text encoding is applied here.
/// </returns>
/// <remarks>
/// NOTE(review): HelperMethods.CreateSalt and HelperMethods.GenerateSaltedHash are not
/// visible from this method. Confirm that the salt comes from a cryptographic RNG
/// (e.g. RandomNumberGenerator) and that the hash is a deliberately slow password KDF
/// (e.g. PBKDF2) rather than a single pass of a fast digest.
/// </remarks>
public static byte[] ConcatenatedSaltAndSaltedHash(string passwordStr)
{
    // The salt is created first, then the password is hashed together with it.
    byte[] saltBytes = HelperMethods.CreateSalt(HelperMethods.salt_length);
    byte[] hashBytes = HelperMethods.GenerateSaltedHash(Encoding.UTF8.GetBytes(passwordStr), saltBytes);

    // Layout: [ salt | hash ]. The hash starts at offset saltBytes.Length.
    byte[] combined = new byte[saltBytes.Length + hashBytes.Length];
    saltBytes.CopyTo(combined, 0);
    hashBytes.CopyTo(combined, saltBytes.Length);

    return combined;
}
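/// <summary>
/// Checks a candidate password against a stored blob laid out as salt followed by salted hash.
/// </summary>
/// <param name="input">Password text supplied by the caller; it is encoded as UTF-8 before hashing.</param>
/// <param name="storedPassword">
/// Stored bytes: the first <c>HelperMethods.salt_length</c> bytes are read as the salt and
/// the remainder as the hash.
/// </param>
/// <returns>
/// <c>true</c> when hashing <paramref name="input"/> with the stored salt reproduces the stored hash;
/// otherwise <c>false</c>, including when an argument is null or the stored blob is too short
/// to hold both a salt and a hash.
/// </returns>
/// <remarks>
/// TODO move this to Helper.
/// The hash comparison visits every byte instead of stopping at the first mismatch, so the
/// time taken does not depend on how many leading bytes of the hash matched. Where the target
/// framework provides it, CryptographicOperations.FixedTimeEquals is the library equivalent.
/// </remarks>
private bool ValidatePassword(string input, byte[] storedPassword)
{
    int saltLength = HelperMethods.salt_length;

    // A null argument or a blob with no hash bytes after the salt can never validate.
    // Rejecting it here also avoids allocating an array with a negative length.
    if (input == null || storedPassword == null || storedPassword.Length <= saltLength)
    {
        return false;
    }

    // Split the stored blob back into its two parts: [ salt | hash ].
    byte[] salt = new byte[saltLength];
    byte[] storedHash = new byte[storedPassword.Length - saltLength];
    Buffer.BlockCopy(storedPassword, 0, salt, 0, salt.Length);
    Buffer.BlockCopy(storedPassword, saltLength, storedHash, 0, storedHash.Length);

    // Hash the candidate with the stored salt.
    byte[] candidateHash = HelperMethods.GenerateSaltedHash(Encoding.UTF8.GetBytes(input), salt);

    // The hash length is not secret, so a length mismatch may return early.
    if (candidateHash == null || candidateHash.Length != storedHash.Length)
    {
        return false;
    }

    // Accumulate the XOR of every byte pair; the result is zero only if all bytes are equal.
    int difference = 0;
    for (int i = 0; i < storedHash.Length; i++)
    {
        difference |= storedHash[i] ^ candidateHash[i];
    }

    return difference == 0;
}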