Matt Paulson

Entrepreneur, Author, Private Equity Investor
  • Facebook
  • Linkedin
  • Twitter
  • Rss
  • Blog
    • Book Recommendations
    • Church Life & Ministry
    • Community Projects
    • Entrepreneurship
    • Quaterly Updates
    • Startup Community
    • Startup Q&A Show
    • Web Development
  • About
    • Resume
  • My Companies
    • Angel Investments
  • My Books
    • Online Business from Scratch
    • Automatic Income
    • The Ten-Year Turnaround
    • Email Marketing Demystified
    • 40 Rules for Internet Business Success
    • Business Growth Day by Day
    • Simple Savings
  • Media Appearances
  • Contact
Home» Web Development » Hash Passwords in C# and Visual Basic Using SHA-512

Hash Passwords in C# and Visual Basic Using SHA-512

Posted on June 2, 2009 by matt in Web Development 2 Comments
Tweet

We recently covered an easy way to hash passwords using SHA-1 in .NET using either Visual Basic or C#. In most cases, SHA-1 encryption is “secure enough”, but there are some mathematical weaknesses. Microsoft’s .NET platform (specifically the System.Security class) allows you to encrypt passwords with a number of differnet algorithms without having to know the mathematics behind them.

Today, we’re going to encrypt a string with SHA-2, specifically the SHA-512 derivation of SHA-2, which should hypothetically be more secure than SHA-1 because it has a longer message digest than SHA-1. The example code I’m going to show off today also uses a “salt“, whereas the previous function I showed off didn’t. This will make your hashed-passwords more immume to dictionary attacts because not only would the hacker have to develop a hash for every commonly known password, but as well as every commonly known password multiplied by the nearly infinite number of possible salts.

Here’s the function:

    public static string CreateSHAHash(string Password, string Salt)
    {
        System.Security.Cryptography.SHA512Managed HashTool = new System.Security.Cryptography.SHA512Managed();
        Byte[] PasswordAsByte = System.Text.Encoding.UTF8.GetBytes(string.Concat(Password, Salt));
        Byte[] EncryptedBytes = HashTool.ComputeHash(PasswordAsByte);
        HashTool.Clear();
        return Convert.ToBase64String(EncryptedBytes);
    }

How it works:

This method makes use of the System.Security.Cryptography class. It combines your password and the salt that you provide and  turns it into a byte-array. It runs those bytes through the has computation function provided by the class and returns an 88-bit string of the message-digest/hash that’s created.

Tweet

Comments

2 comments on “Hash Passwords in C# and Visual Basic Using SHA-512”

  1. Thinkerly says:
    November 4, 2009 at 10:54 pm

    Then, if the salt provides entropy and become part of the digest, how can you test the password against the digest?

    Wouldn't the password that needed to be checked against the digest also require the same salt?

    Reply
  2. Matthew Paulson says:
    November 8, 2009 at 1:10 am

    Thinkerly – Yep. You actually keep the salt in a separate non-encrypted record of the database. I think the general idea is to add something to lengthen your string so that (1) it's harder to crack, and (2) any predefined dictionaries of password-hash combinations would be rendered useless…but I'm not much of a security buff, I could be wrong. 🙂

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get Email Updates

Enter your email address below to receive a steady stream of tricks, tips and ideas to help you build a better and more profitable business.

Email Marketing Demystified

The second edition of Email Marketing Demystified is now available. This book teaches you how to build a massive email list, write marketing copy that converts and generate more sales in your business.

Click Here to Get Your Copy of Email Marketing Demystified

Recent Posts

  • Leadership Sioux Falls is Fundraising for New Playground Equipment at Hayward Park. Here’s How You Can Help.

    March 2, 2021
  • Sioux Falls to Celebrate Entrepreneurship Day on March 3, 2021

    February 18, 2021
  • MarketBeat is Hiring for Three Positions (Support, Data Analyst and Web Developer)

    February 17, 2021
  • The Biggest Mistake You Can Make with Your Email Sign-Up Forms

    February 16, 2021
  • Five Lessons Learned from the MarketBeat Burger Project

    February 2, 2021

    Follow me on Facebook & YouTube

    Contact

    • [email protected]
    • Contact Us
    • matthew-paulson
      • Facebook
      • Twitter
      • Linkedin
      • Instagram
      • Rss

    © Matthew Paulson 2003-2021. All Rights Reserved.

    Privacy Policy