Thursday, December 3, 2009

Using a One-Way Hash on Passwords

The best thing to do with a password is convert it into a one-way hash. This way no one knows what your users' passwords are, not even a hacker who got into your database. Here is a small class I wrote to convert a password into a hash.

Imports System

Public Class Hash

  ' Returns the SHA-1 digest (20 bytes) of the given data.
  Private Function ComputeHashValue(ByVal data() As Byte) As Byte()
    Dim hashAlg As System.Security.Cryptography.SHA1 = System.Security.Cryptography.SHA1.Create()
    Dim hashvalue() As Byte = hashAlg.ComputeHash(data)
    Return hashvalue
  End Function

  ' Hashes the UTF-8 bytes of the password and returns the digest as Base64.
  ' No salt is used, so the same password always produces the same string.
  Public Function HashPassword(ByVal password As String) As String
    Dim encoder As System.Text.UTF8Encoding
    Dim b() As Byte

    encoder = New System.Text.UTF8Encoding
    b = encoder.GetBytes(password)
    b = ComputeHashValue(b)

    Return Convert.ToBase64String(b)
  End Function

End Class
