Solved

# algorithms - HASHING using SALTS

Posted on 2012-08-29
Hi experts,
can you explain HASHING using SALTS to me, with code in .NET?

The original question is
http://www.experts-exchange.com/Security/Encryption/Q_27842712.html
Question by:enrique_aeo


Accepted Solution

Hashing is a method of producing a message digest from an input using a hashing algorithm.  A digest should not be reversible and therefore should not reveal the original input; however, there are a number of attacks which can be performed on a hash to obtain the original input (rainbow table attacks, for example).

Therefore, to improve security you can add a salt, which is simply a known random string which is stored along with the hash.  Where you place the salt is up to you; most commonly you will find it appended or prepended to the original input.  Once the salt value has been added to the original input, this new string is then passed to your hashing algorithm, which computes the hash.  The purpose of salting is to add a little more complexity and potentially deter any malicious person from attempting attacks against your hash, as the salt adds an extra level of security by converting what could have been a very simple English dictionary password into something meaningless.

Below is an example of hashing using the SHA256 algorithm with salting.  It is by no means the only solution and is not "complete"; it is merely a simplified example.

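``````
using System;
using System.Security.Cryptography;
using System.Text;

class Program
{
    static void Main(string[] args)
    {
        // Sample input for the demo; must be at least 5 characters for the split below.
        string password = "MyPassword123";
        string salt = GetSalt();

        // Insert the salt after the first 5 characters of the password.
        string part1 = password.Substring(0, 5);
        string part2 = password.Substring(5);
        string saltedPassword = part1 + salt + part2;

        using (SHA256 sha = SHA256.Create())
        {
            // UTF-8 keeps non-ASCII characters that Encoding.ASCII would turn into '?'.
            byte[] result = sha.ComputeHash(Encoding.UTF8.GetBytes(saltedPassword));

            // Render the digest as lowercase hex.
            StringBuilder sBuilder = new StringBuilder();
            for (int i = 0; i < result.Length; i++)
            {
                sBuilder.Append(result[i].ToString("x2"));
            }
            Console.WriteLine(sBuilder.ToString());
        }
    }

    public static string GetSalt()
    {
        // Salts must be unpredictable, so use the cryptographic RNG rather than
        // System.Random seeded from the clock.
        byte[] bytes = new byte[32];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        return Convert.ToBase64String(bytes);
    }
}
``````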
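Storing the salt along with the hash, as the answer above describes, is what lets you check a password later. The following is an added example, not part of the original answer: it keeps the salted SHA-256 scheme and shows storage and verification. The names `SaltedHashDemo`, `Digest`, `CreateRecord` and `Verify`, the `salt:digest` record format and the sample passwords are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SaltedHashDemo   // hypothetical names throughout; not from the original answer
{
    // SHA256(salt || password); real systems use a slow KDF such as PBKDF2 here.
    static byte[] Digest(byte[] salt, string password)
    {
        byte[] pwd = Encoding.UTF8.GetBytes(password);
        byte[] input = new byte[salt.Length + pwd.Length];
        Buffer.BlockCopy(salt, 0, input, 0, salt.Length);
        Buffer.BlockCopy(pwd, 0, input, salt.Length, pwd.Length);
        using (SHA256 sha = SHA256.Create())
            return sha.ComputeHash(input);
    }

    // Builds the value to store: "base64(salt):base64(digest)" (assumed record format).
    static string CreateRecord(string password)
    {
        byte[] salt = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);   // fresh, unpredictable salt for every password
        return Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(Digest(salt, password));
    }

    // Recomputes the digest with the stored salt and compares without an early exit.
    static bool Verify(string password, string record)
    {
        string[] parts = record.Split(':');
        if (parts.Length != 2) return false;
        byte[] expected = Convert.FromBase64String(parts[1]);
        byte[] actual = Digest(Convert.FromBase64String(parts[0]), password);
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
            diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    static void Main()
    {
        string first = CreateRecord("letmein");    // constructed sample password
        string second = CreateRecord("letmein");   // same password, different salt
        Console.WriteLine(first + Environment.NewLine + second);
        Console.WriteLine("Records differ: " + (first != second));
        Console.WriteLine("Correct password verifies: " + Verify("letmein", first));
        Console.WriteLine("Wrong password verifies: " + Verify("letmeim", first));
    }
}
```

Because each record carries its own random salt, two users with the same password get different stored digests, so a single precomputed table cannot be reused across accounts.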

Author Comment

What is the meaning of
"A digest should not be reversible"?

Assisted Solution

> What is the meaning of
> "A digest should not be reversible"?

Hashing is a one-way function.  You take your plain text, then pass it through a hashing algorithm to produce your digest:
``````
Plain Text -> SHA256(Plain Text) -> Digest
``````
If you know the Digest you should not be able to reverse the process to obtain the original Plain Text.