Generate password hash


You can use a hash algorithm like MD5, SHA1, SHA256, SHA512, ... to hash the password. For example:

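// Requires: using System; using System.Text;
public string Hash(string password)
{
    var bytes = new UTF8Encoding().GetBytes(password);
    // MD5 digest of the UTF-8 bytes, returned as Base64 for storage
    var hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(bytes);
    return Convert.ToBase64String(hashBytes);
}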

Then store the hash of the password in the database, and when you want to compare the entered password with the stored value, compare the hash of the entered value with the database value.

EDIT

Consider using the SHA256 or the SHA512 instead of the MD5:

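// Requires: using System; using System.Text;
public string Hash(string password)
{
    var bytes = new UTF8Encoding().GetBytes(password);
    byte[] hashBytes;
    // Dispose the algorithm instance once the digest has been computed
    using (var algorithm = new System.Security.Cryptography.SHA512Managed())
    {
        hashBytes = algorithm.ComputeHash(bytes);
    }
    // Base64 text form of the 64-byte SHA-512 digest
    return Convert.ToBase64String(hashBytes);
}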

This is just a simple example: in a real-world scenario, you should use a salt for the hash as well. You can read more about salting here.

Author by

imamage597

Updated on June 27, 2022

Comments

  • imamage597
    imamage597 about 2 years

    For my login system, I wish to hash the passwords in my database. So I decided I would read up on hashing and how to do it but unfortunately it doesn't really make any sense to me as I can't find examples for what I want.

    I want it so that when a user account is created, the password is hashed and stored within my database and then when they login it hashes the login password and checks it with the hashed password in the database. If this makes any sense I'd appreciate the help.

    If you need examples of my code or whatever then ask and I will edit it into my question.

  • c4pricorn
    c4pricorn over 8 years
    Simply and effectively!
  • DrewJordan
    DrewJordan over 8 years
    Is it OK to still use MD5 for this? I hear all kinds of things...
  • Reza Aghaei
    Reza Aghaei over 8 years
    @DrewJordan In general it is ok, but you can use other hash algorithms too, I said hash algorithm like MD5 to leave the option of changing the algorithm for OP. And the OP looks for a good example. Here is a good and simple one ;)
  • Dmitry Savchenko
    Dmitry Savchenko over 8 years
    @DrewJordan No, bcrypt is definitely a much better choice.
  • Reza Aghaei
    Reza Aghaei over 8 years
    @DmitrySavchenko You are completely right but I think the question is about programming not security.
  • DrewJordan
    DrewJordan over 8 years
    I agree, this is a good, simple example. I'm no expert, but I read all over the place not to use MD5 anymore. While this is a good, clear example, it will lead the OP to use MD5. See this for an example of what I mean. I just think, it would be a better answer, if you mentioned that MD5 is an example here, and we should use a different algorithm in production environments.
  • imamage597
    imamage597 over 8 years
    How would I use this when creating a new account. Say I use a SQL command of "INSERT into [Database] (Username, Password, Role)..."?
  • Reza Aghaei
    Reza Aghaei over 8 years
    @imamage597 Simply use parametric query and pass Hash(passwordTextBox.Text) as value of @Password
  • Reza Aghaei
    Reza Aghaei over 8 years
    @DrewJordan I added the sample code for using SHA512Managed, but for bcrypt the OP should use BCrypt.Net or the BCryptCreateHash Windows API function. Hope you find it helpful.
  • Reza Aghaei
    Reza Aghaei over 8 years
    @DmitrySavchenko I added the sample code for using SHA512Managed, but for bcrypt the OP should use BCrypt.Net or the BCryptCreateHash Windows API function. Hope you find it helpful.
  • DrewJordan
    DrewJordan over 8 years
    Awesome, I like it much better now.
  • Reza Aghaei
    Reza Aghaei over 8 years
    Thank you for your feedback :)
  • Huntt
    Huntt over 8 years
    @DrewJordan By your logic, we should also mention that we should use salt with a hash. Since that is strongly recommended in a production environment.
  • Reza Aghaei
    Reza Aghaei over 8 years
    @Huntt Yes it makes the hash more secure but I think the question is not about security and such questions can be asked in security.stackexchange.com :)
  • Huntt
    Huntt over 8 years
    @Reza Aghaei I disagree, the reason why someone would ask about hashing is for security, otherwise they just would've saved their passwords in plaintext. And how to hash pretty much belongs on SO. And if we are already advising against MD5 for security reasons, it can't hurt to put readers on a good path altogether and also advise them to consider using Salt for their hashes.
  • DrewJordan
    DrewJordan over 8 years
    @RezaAghaei I just added a sentence saying that, hope you don't mind :)
  • Reza Aghaei
    Reza Aghaei over 8 years
    @Huntt Thank you for your comment, I know what you mean and it is the reason that I respect the edit that DrewJordan made in answer to make it more useful for future readers :) Hope you find it useful too:)
  • Reza Aghaei
    Reza Aghaei over 8 years
    @DrewJordan It's OK :) hope it makes the answer more useful for future readers.