I created a sign-up form with a username and password, then I hash the password using the Argon2 algorithm. This is the code for hashing:

    // Requires: using System.Security.Cryptography; using System.Text;
    // Argon2id comes from the Argon2 library in use (not shown in the question).

    private byte[] CreateSalt()
    {
        var buffer = new byte[16]; // 128-bit random salt
        using (var rng = new RNGCryptoServiceProvider())
        {
            rng.GetBytes(buffer);
        }
        return buffer;
    }

    private byte[] HashPassword(string password, byte[] salt)
    {
        var argon2 = new Argon2id(Encoding.UTF8.GetBytes(password));

        argon2.Salt = salt;
        argon2.DegreeOfParallelism = 4; // four cores
        argon2.Iterations = 4;
        argon2.MemorySize = 256 * 256;

        return argon2.GetBytes(16); // 16-byte hash
    }

Then I store the username, password, and salt key in the SQL Server DB.

    SqlCommand insert = new SqlCommand("insert into dbo.users (username,password,token) VALUES(@username,@password,@salt)", cn);

    insert.Parameters.AddWithValue("@username", textBox1.Text);
    insert.Parameters.AddWithValue("@password", Convert.ToBase64String(hash));
    insert.Parameters.AddWithValue("@salt", Convert.ToBase64String(salt));
    insert.ExecuteNonQuery();

The problem: when the user logs in, I get the salt key that I have stored for this user and hash it with the password, but it gives me a different result, not the same hash as the password in the DB.

What is the error?

I tried to change the type of the salt key field in the DB.

heba
  • You've only shown us half of the code - we can't see where you're doing the check. Ideally, provide a [mcve] - I wouldn't *expect* the actual database part to be relevant (just keep the strings in memory) but you should check that too. – Jon Skeet May 07 '23 at 06:43
  • **FYI** you should consider storing all needed information within the password string like: `:::`. – Sir Rufo May 07 '23 at 08:32
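
The login-side check the question does not show, as an added example that is not the asker's code: it keeps the Base64 strings in memory, as the first comment suggests, decodes the stored salt back to bytes, re-hashes with the same Argon2id parameters as the sign-up code, and compares in constant time. It assumes the Konscious.Security.Cryptography package for `Argon2id` and .NET Core 2.1 or later for `CryptographicOperations.FixedTimeEquals`; `PasswordCheck`, `Verify` and the sample passwords are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Konscious.Security.Cryptography; // assumed source of Argon2id

static class PasswordCheck
{
    // Must use exactly the parameters used at sign-up; any difference changes the hash.
    static byte[] HashPassword(string password, byte[] salt)
    {
        var argon2 = new Argon2id(Encoding.UTF8.GetBytes(password));
        argon2.Salt = salt;
        argon2.DegreeOfParallelism = 4;
        argon2.Iterations = 4;
        argon2.MemorySize = 256 * 256;
        return argon2.GetBytes(16);
    }

    // storedSalt / storedHash are the Base64 strings read back from the users row.
    public static bool Verify(string password, string storedSalt, string storedHash)
    {
        // Decode Base64 back to the original bytes. Encoding.UTF8.GetBytes(storedSalt)
        // would yield the bytes of the Base64 text instead, i.e. a different salt.
        byte[] salt = Convert.FromBase64String(storedSalt);
        byte[] expected = Convert.FromBase64String(storedHash);
        if (salt.Length != 16 || expected.Length != 16)
            throw new InvalidOperationException("Stored salt or hash did not round-trip.");

        byte[] actual = HashPassword(password, salt);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    static void Main()
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);

        // What sign-up writes to the password and token columns (constructed sample).
        string saltColumn = Convert.ToBase64String(salt);
        string hashColumn = Convert.ToBase64String(HashPassword("correct horse", salt));

        Console.WriteLine(Verify("correct horse", saltColumn, hashColumn));
        Console.WriteLine(Verify("wrong horse", saltColumn, hashColumn));
    }
}
```

If this in-memory round trip succeeds but the same check fails against the database, compare the strings read back from the row with the ones written at sign-up.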

0 Answers