algorithms - HASHING using SALTS

Posted on 2012-08-29
Last Modified: 2012-09-04
Hi experts,
can you explain me with a code in .net

The original question is
Question by:enrique_aeo
    LVL 14

    Accepted Solution

    Hashing is a method of producing a message digest from an input using a hashing algorithm.  A digest should not be reversible and therefore not reveal the original input, however, there are a number of attacks which can be performed on a hash to obtain the original input (rainbow table attacks for example).

    Therefore to improve security you can add a salt, which is simply a known random string which is stored along with the hash.  Where you place the salt is up to you, most commonly you will find it appended or prepended to the original input.  Once the salt value has been added to the original input, this new string is then passed to your hashing algorithm which computes the hash.  The purpose of salting is to add a little more complexity and potentially deter any malicious person from attempting attacks against your hash, as the salt adds an extra level of security by converting what could have been a very simple English dictionary password, into something meaningless.

    Below is an example of hashing using the SHA256 algorithm with salting.  It is by no means the only solution and is not "complete", it is merely an simplified example.

    class Program
        static void Main(string[] args)
            string password = "someabitrarypassword";
            string salt = GetSalt();
            string part1, part2 = string.Empty;
            part1 = password.Substring(0, 5);
            part2 = password.Substring(5);
            string saltedPassword = part1 + salt + part2;
            SHA256 sha = new SHA256Managed();
            byte[] result = sha.ComputeHash(Encoding.ASCII.GetBytes(saltedPassword));
            StringBuilder sBuilder = new StringBuilder();
            for (int i = 0; i < result.Length; i++)
        public static string GetSalt()
            string salt = string.Empty;
            Random rand = new Random(unchecked((int)DateTime.Now.Ticks));
            if (rand != null)
                byte[] bytes = new byte[32];
                salt = Convert.ToBase64String(bytes);
            return salt;

    Open in new window


    Author Comment

    what;s the mean
    A digest should not be reversible
    LVL 14

    Assisted Solution

    what;s the mean
    A digest should not be reversible
    Hashing is a one-way function.  You take your plain text then pass it through a hashing algorithm to produce your digest:
    Plain Text -> SHA256(Plain Text) -> Digest

    Open in new window

    If you know the Digest you should not be able to reverse the process to obtain the original Plain Text.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
    Many of us here at EE write code. Many of us write exceptional code; just as many of us write exception-prone code. As we all should know, exceptions are a mechanism for handling errors which are typically out of our control. From database errors, t…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now