How do I use the .Net implementation of BCrypt for SQL Server?
I have searched on google, unfortunately I cannot find the expected answers I want.
I downloaded the .NET implementation of BCrypt
Honestly, I usually code in PHP, I have no idea about things like .Net
source to share
I'm assuming you already have a schema for storing the users hash in some kind of user profile table?
Let's say that this table is in the following format:
PersonID int PrimaryKey PersonName nvarchar(50) PersonPasswordHash varchar(128) PersonPasswordSalt nvarchar(10)
then in your .net code (example in C #) you would go and do the following when creating a new user
string passwordPlain = txtPassword.Text; // This is the password entered by the user
/* a work factor of 10 is default, but you can mention any thing from 4 to 31.
But keep in mind that for every increment in work factor the work increases
twice (its 2**log_rounds)
*/
string passwordSalt = BCrypt.GenerateSalt(10);
string passwordHash = BCrypt.HashPassword(passwordPlain, passwordSalt);
// Now store the passwordHash and passwordSalt in the database for that user
After you have obtained the above values, store the corresponding values ββin the database.
When it's time to check the login, get information about passwordHash
and passwordSalt
from the database, and you can check the following:
string originalPasswordSalt; // retireive its value from the DB
string originalPasswordHash; // retireive its value from the DB
string givenPasswordPlain = txtPassword.Text; // given by the user during login
string givenPasswordHash = BCrypt.HashPassword(givenPasswordPlain, originalPasswordSalt);
if(givenPasswordHash.Equals(originalPasswordHash)) { // you have an valid user
} else { // given login name or password is not valid
}