示例#1
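        /// <summary>
        /// Generates a random salt of <paramref name="size"/> bytes and derives a PBKDF2
        /// hash of <paramref name="password"/> with it.
        /// </summary>
        /// <param name="size">Length of the salt in bytes.</param>
        /// <param name="password">Plain-text password to hash.</param>
        /// <returns>
        /// A <see cref="HashSalt"/> whose <c>Salt</c> and <c>Hash</c> are both Base64 strings.
        /// </returns>
        public HashSalt GenerateSaltedHash(int size, string password)
        {
            var saltBytes = new byte[size];

            // The RNG provider is IDisposable; release it as soon as the salt is filled.
            // NOTE(review): a salt has no reason to exclude zero bytes, so GetBytes would
            // serve equally well; GetNonZeroBytes is kept to leave behaviour unchanged.
            using (var provider = new RNGCryptoServiceProvider())
            {
                provider.GetNonZeroBytes(saltBytes);
            }
            var salt = Convert.ToBase64String(saltBytes);

            // NOTE(review): this constructor overload runs PBKDF2 with HMAC-SHA1, and 10000
            // iterations is low by current password-storage guidance. Requesting 256 bytes is
            // also far more than one HMAC-SHA1 output (20 bytes): every extra block costs this
            // code another full iteration run, while checking a guess against a leaked hash
            // only requires the first block. Neither value is changed here because the
            // verification path must derive with exactly the same parameters; changing them
            // needs a coordinated update plus a rehash-on-login migration for stored hashes.
            string hashPassword;
            using (var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, saltBytes, 10000))
            {
                hashPassword = Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(256));
            }

            HashSalt hashSalt = new HashSalt {
                Hash = hashPassword, Salt = salt
            };

            return(hashSalt);
        }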
示例#2
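        /// <summary>
        /// Inserts a new row into the <c>login</c> table holding the username together with
        /// a freshly generated salt and password hash.
        /// </summary>
        /// <param name="newUsername">Account name to store; must not be null or blank.</param>
        /// <param name="newPassword">Plain-text password; only its salted hash is stored.</param>
        /// <exception cref="ArgumentException">
        /// <paramref name="newUsername"/> is null or blank, or <paramref name="newPassword"/>
        /// is null or empty.
        /// </exception>
        public void AddUser(string newUsername, string newPassword)
        {
            // Previously a null username was interpolated into "" and inserted, and an empty
            // password was hashed and stored like any other. Reject both before touching the
            // database so no unusable or trivially guessable account row is created.
            if (string.IsNullOrWhiteSpace(newUsername))
            {
                throw new ArgumentException("Username must not be empty.", nameof(newUsername));
            }
            if (string.IsNullOrEmpty(newPassword))
            {
                throw new ArgumentException("Password must not be empty.", nameof(newPassword));
            }

            // All values are bound as parameters; nothing user-supplied is spliced into the SQL text.
            const string addQry = "INSERT INTO login(username, salt, hash) VALUES (@username, @salt, @hash)";

            using (var con = new SQLiteConnection(cs))
            {
                con.Open();
                using (var cmd = new SQLiteCommand(con))
                {
                    cmd.CommandText = addQry;

                    // NOTE(review): the result is written back to the hashSalt field, so the
                    // salt and hash of the last added user stay reachable after this call.
                    // A local variable would avoid that if nothing else reads the field.
                    hashSalt = hashSalt.GenerateSaltedHash(64, newPassword);

                    cmd.Parameters.AddWithValue("@username", newUsername);
                    cmd.Parameters.AddWithValue("@salt", hashSalt.Salt);
                    cmd.Parameters.AddWithValue("@hash", hashSalt.Hash);
                    //!!!***combine and concat salt and hash to make userID***!!!
                    // NOTE(review): if the TODO above is implemented, the user ID would carry
                    // the password verifier itself. IDs tend to end up in logs, URLs and foreign
                    // keys, so prefer an ID unrelated to the credential (row id or random GUID).
                    cmd.Prepare();
                    cmd.ExecuteNonQuery();
                }
            }
        }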