• Status: Solved

algorithms - HASHING using SALTS

Hi experts,
can you explain to me, with code in .NET,
HASHING using SALTS?

The original question is
http://www.experts-exchange.com/Security/Encryption/Q_27842712.html
Asked: enrique_aeo
 
Vel Eous (Research & Development Manager) Commented:
Hashing is a method of producing a message digest from an input using a hashing algorithm. A digest should not be reversible and therefore should not reveal the original input; however, there are a number of attacks which can be performed on a hash to obtain the original input (rainbow table attacks, for example).

Therefore, to improve security you can add a salt, which is simply a known random string which is stored along with the hash. Where you place the salt is up to you; most commonly you will find it appended or prepended to the original input. Once the salt value has been added to the original input, this new string is then passed to your hashing algorithm, which computes the hash. The purpose of salting is to add a little more complexity and potentially deter any malicious person from attempting attacks against your hash, as the salt adds an extra level of security by converting what could have been a very simple English dictionary password into something meaningless.

Below is an example of hashing using the SHA256 algorithm with salting. It is by no means the only solution and is not "complete"; it is merely a simplified example.

using System;
using System.Security.Cryptography;
using System.Text;

class Program
{
    static void Main(string[] args)
    {
        string password = "someabitrarypassword";
        string salt = GetSalt();

        // Insert the salt after the first five characters of the password.
        string part1 = password.Substring(0, 5);
        string part2 = password.Substring(5);
        string saltedPassword = part1 + salt + part2;

        // Hash the salted password with SHA-256.
        byte[] result;
        using (SHA256 sha = SHA256.Create())
        {
            result = sha.ComputeHash(Encoding.ASCII.GetBytes(saltedPassword));
        }

        // Render the digest as lowercase hexadecimal.
        StringBuilder sBuilder = new StringBuilder();
        for (int i = 0; i < result.Length; i++)
        {
            sBuilder.Append(result[i].ToString("x2"));
        }
        Console.WriteLine(sBuilder.ToString());
        Console.ReadLine();
    }

    // Returns 32 random bytes, Base64-encoded. The bytes come from the
    // cryptographic RNG; System.Random seeded with the clock is predictable.
    public static string GetSalt()
    {
        byte[] bytes = new byte[32];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        return Convert.ToBase64String(bytes);
    }
}

enrique_aeo (Author) Commented:
What's the meaning of
"A digest should not be reversible"?
Vel Eous (Research & Development Manager) Commented:
"What's the meaning of
'A digest should not be reversible'?"
Hashing is a one-way function.  You take your plain text then pass it through a hashing algorithm to produce your digest:
Plain Text -> SHA256(Plain Text) -> Digest

If you know the Digest you should not be able to reverse the process to obtain the original Plain Text.