
I am new to C#. Here in my web API project I have some code for hashing the user password using SHA3.

In API I have 2 methods

The first method is used when a new user creates an account: I just hash the password and store it in the table.

The second method is for when the same user logs in again: I fetch the hashed password (string) and verify the current password against it.

Here I have faced the error mentioned in the title. I referred to some related posts on SO as well, but I couldn't solve this issue.

I have verified that the stored and fetched strings have the same characters, and also that the generated and stored strings have the same characters.

I don't know where I made the mistake.

Password: Abcd@123

Hashed String: k/OMmdnW6FZ+zsOrE2rkdy8YEUH/rep5dlcRIwnG8Vc7kQ81VL8dEQv2Clyp7iRhb0HSfKtgOLBj5g/YbqHq7FKDj5epafNwasE=

Calling Confirm method

bool isPasswordPassed = false;
if (mHashedPassword != " " && mUserPassword != " ")
{
    isPasswordPassed = Hashing.Confirm(mUserPassword, mHashedPassword, Supported_HA.SHA512);
}

Confirm

public static bool Confirm(string plainText, string hashValue, Supported_HA hash)
{
    // This line throws the error mentioned in my title.
    byte[] hashBytes = Convert.FromBase64String(hashValue);
    // ......
}

But it works fine when I check the code like this:

void check(string mUserPassword)
{
    // Hash the password, then immediately confirm it against the fresh hash.
    string a = Hashing.ComputeHash(mUserPassword, Supported_HA.SHA512, null);
    bool b = Hashing.Confirm(mUserPassword, a, Supported_HA.SHA512);
}

Here I am passing the password to generate the hash and then confirm the hash, and it returns TRUE.

Can anyone help me solve this?

Reference : https://www.youtube.com/watch?v=0dgTf9TUDHU

Zhu
  • Downvoting with a reason would be helpful for me in future – Zhu Sep 06 '18 at 15:18
  • `FromBase64String(hashValue)` fails, so the issue is clearly with the value of `hashValue`, which is *not* the "Hashed String" value you have shown, as that works fine. – Alex K. Sep 06 '18 at 15:30
  • @AlexK. Actually I verified the hashValue: the string's characters are the same as stored in the DB. I also verified the created hash against the stored hash. Can you help me with this? – Zhu Sep 06 '18 at 15:45
  • Your example hash decodes fine - http://rextester.com/QVIRO42009 - so `hashValue` is not that string; inspect it in the debugger & see what it actually is. – Alex K. Sep 06 '18 at 15:51
  • The debugger shows the same values which I have stored in the DB... Really messed with it @AlexK. – Zhu Sep 06 '18 at 16:00
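
One way to act on the advice in the comments above and see what `hashValue` actually contains at the point of failure, as an added example that is not part of the original thread. `Base64Diagnostics` and `Describe` are hypothetical names, and the damaged variants are constructed for illustration only; the thread does not establish which, if any, applies to the asker's data.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper (not from the thread): reports every character that
// Convert.FromBase64String would skip or reject, then attempts the decode.
public static class Base64Diagnostics
{
    const string Alphabet =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

    public static List<string> Describe(string value)
    {
        var findings = new List<string>();
        if (value == null) { findings.Add("value is null"); return findings; }

        int significant = 0; // characters the decoder will actually consume
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            if (Alphabet.IndexOf(c) >= 0 || c == '=') { significant++; continue; }
            // Space, tab, CR and LF are ignored by FromBase64String, so they do not
            // fail on their own but they shorten the effective length.
            bool skipped = c == ' ' || c == '\t' || c == '\r' || c == '\n';
            findings.Add($"index {i}: U+{(int)c:X4} " +
                (skipped ? "(whitespace, ignored by decoder)" : "(not in Base64 alphabet)"));
            if (!skipped) significant++;
        }
        if (significant % 4 != 0)
            findings.Add($"effective length {significant} is not a multiple of 4");

        try { findings.Add($"decodes to {Convert.FromBase64String(value).Length} bytes"); }
        catch (FormatException ex) { findings.Add("FormatException: " + ex.Message); }
        return findings;
    }

    public static void Main()
    {
        // The hash string from the question, plus constructed variants.
        string stored = "k/OMmdnW6FZ+zsOrE2rkdy8YEUH/rep5dlcRIwnG8Vc7kQ81VL8dEQv2Clyp7iRhb0HSfKtgOLBj5g/YbqHq7FKDj5epafNwasE=";
        var samples = new Dictionary<string, string>
        {
            ["as posted"] = stored,
            ["'+' replaced by space (constructed)"] = stored.Replace('+', ' '),
            ["wrapped in quotes (constructed)"] = "\"" + stored + "\"",
            ["trailing U+200B (constructed)"] = stored + "\u200B",
        };
        foreach (var s in samples)
            Console.WriteLine(s.Key + ":\n  " + string.Join("\n  ", Describe(s.Value)));
    }
}
```

Calling `Describe(hashValue)` immediately before the failing `Convert.FromBase64String` line lists characters by code point, which exposes differences that look identical in a debugger's string view.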

1 Answer


It may be an encoding conversion issue (Base64/Unicode). You should pass the encoding:

var plainTextBytes = System.Text.Encoding.Unicode.GetBytes(plainText);
string hashValue  = Convert.ToBase64String(plainTextBytes);

Then, in the Confirm method,

byte[] hashBytes = Convert.FromBase64String(hashValue);

should work. Regards