
#1 Tenderfoot

A question regarding the Basic Login System tutorial

Posted 31 March 2012 - 05:58 AM

So I have this small question regarding JackOfAllTrades's tutorial, "Basic Login System part I", which can be found here:
http://www.dreaminco...sword-handling/

I tried to follow this tutorial and wrote a small piece of code, using 99.99% of his code and 0.01% of mine, attempting to use it.

His code can be found in the article above, but I'll also post it below. But first, I'm going to post my code:

        static void Main(string[] args)
        {
            string password = "password", incorrectPassword = "Password";
            SHA512 hashAlg = new SHA512Managed();
            byte[] finalOutput;
            bool samePassword = false;

            finalOutput = PasswordHasher.HashPassword(password, hashAlg);

            samePassword = PasswordHasher.ComparePassword(password, finalOutput, hashAlg);

            if (samePassword) //If I use incorrectPassword in ComparePassword this part doesn't run, but if I use password it does, which is what I wanted
            {
                Console.WriteLine("The password matches!");
            }

            else
            {
                Console.WriteLine("The password doesn't match.");
            }

            Console.ReadLine(); 
        }



Now, the code above works like I wanted it to. However, there are 2 methods that were in JackOfAllTrades's code that I never use, the following 2:

            /// <summary>
            /// Create a human-readable hexadecimal string from the
            /// byte array by walking the array and converting each byte
            /// into a 2-digit hexadecimal value.
            /// </summary>
            /// <param name="data">The byte array to make human-readable</param>
            /// <returns>The human-readable string</returns>
            public static string CreateTextString(byte[] data)
            {
                // Create a human-readable hexadecimal string from the
                // byte array by walking the array and converting each byte
                // into a 2-digit hexadecimal value.
                StringBuilder sb = new StringBuilder(data.Length * 2);
                for (int i = 0; i < data.Length; ++i)
                {
                    sb.AppendFormat("{0:x2}", data[i]);
                }
                return sb.ToString();
            }

            /// <summary>
            /// Transform the provided human-readable hexadecimal string to
            /// an array of bytes.
            /// </summary>
            /// <param name="data">The string to transform</param>
            /// <returns>The byte array representation of the hexadecimal string</returns>
            public static byte[] CreateByteArray(string data)
            {
                // Since each byte is represented by a 2-digit hex number,
                // we know that the length of the resulting byte array is
                // half the length of the passed-in data.
                byte[] binData = new byte[data.Length / 2];
                for (int i = 0; i < data.Length; i += 2)
                {
                    binData[i / 2] = Convert.ToByte(data.Substring(i, 2), 16);
                }

                return binData;
            }



So my question is: When, where, and why would I use these two methods?

In order to keep this as short as possible I'll skip posting the whole code. It can be found here: http://www.dreaminco...sword-handling/ - the only thing I added was the main method.

This post has been edited by Tenderfoot: 31 March 2012 - 06:00 AM


Replies To: A question regarding the Basic Login System tutorial

#2 JackOfAllTrades

Re: A question regarding the Basic Login System tutorial

Posted 31 March 2012 - 08:18 AM

You could use those for saving into/retrieving from a database or file (instead of saving/retrieving the binary hash).

However, at this point, I would actually recommend using something like BCrypt.NET.

#3 Tenderfoot

Re: A question regarding the Basic Login System tutorial

Posted 31 March 2012 - 12:32 PM

JackOfAllTrades, on 31 March 2012 - 08:18 AM, said:

You could use those for saving into/retrieving from a database or file (instead of saving/retrieving the binary hash).

However, at this point, I would actually recommend using something like BCrypt.NET.


Cheers for that, and I will check that BCrypt.NET out in a minute - just wanted to make sure that I got this right first.

I think it's working now, at least:

    class Program
    {
        static SqlConnection myConnection = new SqlConnection();

        static void Main(string[] args)
        {
            #region Setting up connection to SQL
            myConnection = new SqlConnection("user id=username;" + 
                                       "password=password;server=Ragnar-PC\\SQLExpress;" + 
                                       "Trusted_Connection=yes;" +
                                       "database=MyDatabase; " +
                                       "connection timeout=30");
            #endregion 

            OpenSQLConnection(myConnection); 

            string passwordToSendToDatabase = "password", passwordToCheck = "password";
            SHA512 hashAlg = new SHA512Managed();
            byte[] passwordByteArray, passwordFromDatabaseArray;
            bool samePassword = false;

            passwordByteArray = PasswordHasher.HashPassword(passwordToSendToDatabase, hashAlg); //Hashes the password and sends to byte array

            SqlCommand myCommand = new SqlCommand("Command string", myConnection); 

            // Used the method below to create a string from the passwordByteArray and save it to the database
            //SavePasswordtoDatabase(myCommand, PasswordHasher.CreateTextString(passwordByteArray)); //Second parameter creates a string which the method saves to the database
            
            // Used the RetrievePassword method to retrieve the password string from the database, and create a byte array from it
            passwordFromDatabaseArray = PasswordHasher.CreateByteArray(RetrievePasswordfromDatabase(myCommand)); 

            // Compare the password I want to check with the passwordArray from the database
            samePassword = PasswordHasher.ComparePassword(passwordToCheck, passwordFromDatabaseArray, hashAlg);

            #region check whether samePassword is true or false
            if (samePassword)
            {
                Console.WriteLine("The password matches!");
            }

            else
            {
                Console.WriteLine("The password doesn't match.");
            }
            #endregion 
            Console.ReadLine(); 
        }




The above code is my current main method. I was having some trouble coming up with decent names for my variables. :dozingoff:

Anyhow, it does seem to work now because:

1) At first I send the password "password" to the database, first I hash it and send it to a byte array, then I use the createText method on it. Then if I "select * from table" in the database I see a fairly long random number to represent the password varchar.

2) Then I retrieve it, send it to a byteArray, and compare it with the password I want to compare it to. And if the "passwordToCheck = password" it comes out as correct, but if it's "Password" it comes out as incorrect.

So what I was wondering is, does that sound about right for what I tried to do? And if not/if there's any doubt, let me know and I'll post the methods I created and used to achieve that.

But again, thanks for your help and thanks for your tutorial, I'll start looking into BCrypt.NET now ^^
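The store-as-text and verify steps discussed in this thread, as an added example that is not code from the tutorial or from either poster: it uses the framework's PBKDF2 with HMAC-SHA512 in place of the thread's PasswordHasher (and not BCrypt.NET, which is a separate package), keeps a per-password salt next to the hash as hex text, and compares in constant time. It assumes .NET 6 or later; the class name, record layout and iteration count are choices made for this example.

```csharp
// Added example, not code from the tutorial or this thread. Assumes .NET 6 or later.
using System;
using System.Security.Cryptography;

static class StoredPasswordExample
{
    const int SaltBytes = 16, HashBytes = 64;
    const int Iterations = 210_000; // assumed work factor; tune for your hardware

    // Returns "iterations:saltHex:hashHex", text that fits a varchar column.
    public static string CreateRecord(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes); // fresh salt per password
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                                HashAlgorithmName.SHA512, HashBytes);
        return $"{Iterations}:{Convert.ToHexString(salt)}:{Convert.ToHexString(hash)}";
    }

    // Parses a stored record and checks the candidate password against it.
    public static bool Verify(string candidate, string record)
    {
        string[] parts = record.Split(':');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations <= 0)
            return false; // malformed record: fail closed
        byte[] salt, expected;
        try
        {
            salt = Convert.FromHexString(parts[1]);     // throws on odd length or non-hex text
            expected = Convert.FromHexString(parts[2]);
        }
        catch (FormatException) { return false; }
        if (salt.Length == 0 || expected.Length == 0) return false;

        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(candidate, salt, iterations,
                                                  HashAlgorithmName.SHA512, expected.Length);
        // Constant-time comparison so timing does not reveal how many bytes matched.
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    static void Main()
    {
        string record = CreateRecord("password");            // constructed sample input
        Console.WriteLine(record);
        Console.WriteLine(Verify("password", record));       // correct password
        Console.WriteLine(Verify("Password", record));       // wrong case
        Console.WriteLine(Verify("password", record + "0")); // corrupted record (odd-length hex)
    }
}
```

Because the salt is random, the same password yields a different record on every call, so two users with the same password do not share a stored value.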