Why Join
Become a member
Login
No unread comment.
View All Comments
No unread message.
View All Messages
No unread notification.
View All Notifications
Answers
Post
An Article
A Blog
A News
A Video
An EBook
An Interview Question
Ask Question
C# Corner Home
Technologies
MonthlyLeaders
ASK A QUESTION
Forumguidelines
zanyar halabjay
2k
6
605
pbkdf2 problem when compare password with the hash on mysql
Nov 14 2019 11:40 AM
i have a problem when i want to compare my password with that password that hashed in mysql database and always say incorrect while i login it is my code for hashing and comparing:
class
Hashing
{
const
int
salt_size = 32;
const
int
hash_size = 32;
const
int
iteration = 167319;
public
static
string
Generate(
string
password)
{
var salt =
new
byte
[salt_size];
using
(RNGCryptoServiceProvider rng =
new
RNGCryptoServiceProvider()) {
rng.GetBytes(salt);
}
using
(Rfc2898DeriveBytes pbkdf2 =
new
Rfc2898DeriveBytes(password, salt, iteration))
{
byte
[] hash = pbkdf2.GetBytes(salt_size);
return
Convert.ToBase64String(salt) +
"|"
+ iteration +
"|"
+ Convert.ToBase64String(hash);
}
}
public
static
bool
isCorrect(
string
pass,
string
hash)
{
string
[] hashsplit = hash.Split(
'|'
);
byte
[] salt = Convert.FromBase64String(hashsplit[0]);
int
iteration = Int32.Parse(hashsplit[1]);
string
hashed = hashsplit[2];
using
(Rfc2898DeriveBytes pbkdf2 =
new
Rfc2898DeriveBytes(pass,salt,iteration))
{
byte
[] Hash = pbkdf2.GetBytes(salt_size);
if
(hashed == Convert.ToBase64String(Hash))
{
return
true
;
}
else
{
return
false
;
}
}
}
}
and this code is for checking username and password from mysql:
class
Lg : Msql_connection
{
private
string
username {
set
;
get
; }
private
string
pass {
set
;
get
; }
public
bool
validate_Login(
string
username,
string
pass)
{
bool
check =
false
;
MySqlDataReader mdr;
MySqlDataReader mdr2;
MySqlDataReader mdr3;
string
passw =
""
;
using
(MySqlCommand mcmd3 =
new
MySqlCommand())
{
mcmd3.CommandText =
"select password from login"
;
mcmd3.Connection = msc;
msc.Close();
msc.Open();
mdr3 = mcmd3.ExecuteReader();
if
(mdr3.Read())
{
passw = mdr3[
"password"
].ToString();
}
msc.Close();
}
using
(MySqlCommand mcmd2 =
new
MySqlCommand())
{
mcmd2.CommandText =
"select hid,attempt,time from login_attempt"
;
mcmd2.Connection = msc;
msc.Close();
msc.Open();
mdr2 = mcmd2.ExecuteReader();
if
(mdr2.Read()&&
int
.Parse(mdr2[
"attempt"
].ToString()) < 4)
{
using
(MySqlCommand mcmd =
new
MySqlCommand())
{
mcmd.CommandText =
"select username,password from login where binary username=@user and password=@pass"
;
mcmd.Connection = msc;
msc.Close();
msc.Open();
mcmd.Parameters.Add(
"@user"
, MySqlDbType.VarChar).Value =
this
.username=username;
mcmd.Parameters.Add(
"@pass"
, MySqlDbType.Text).Value =
this
.pass = Hashing.isCorrect(pass, passw).ToString();
mdr = mcmd.ExecuteReader();
if
(mdr.HasRows)
{
if
(mdr.Read())
{
reset_Attempt();
MessageBox.Show(
"correct"
);
check =
true
;
}
}
else
{
check =
false
;
update_Attempt();
MessageBox.Show(
"incorrect"
);
}
}
}
else
if
(
int
.Parse(mdr2[
"attempt"
].ToString()) >= 4)
{
check =
false
;
MessageBox.Show(
"You have been restrict"
);
set_time();
}
}
msc.Close();
return
check;
}
}
Reply
Answers (
0
)
How to mange multiple logins for same user ASP.NET MVC
Implement Cross Site Request Forgery