Derek Slager's BCrypt Class for C# Check Password Method failed
-
ahmed_one wrote:
3. Now compare the user entered password with BCrypt.CheckPassword(txtPass.Text.Trim().ToString(), hashpassdb))
yes, but, arnt you doing something funky in txtPass.Leave event ? that means the result you get from
txtPass.Text.Trim().ToString()
is effectively
HashPassword(user entered password ,BCrypt.GenerateSalt(12));
?
As you've quote point number 3, which is related to User login form, there is no txtPass.leave event used in User Login form. It is only used in User Creation Form, so ultimately there is no:
HashPassword(user entered password ,BCrypt.GenerateSalt(12));
Used for txtPass. It's the plaintext where user enter password. I know what you are trying to say, that when comparing password, what I am doing is to generate new hash due to the result of GenerateSalt(12). But this is not the case, I simply get hash value from db and put it in CheckPassword method alongwith plaintext password enter by user. I am sure BCrypt.GenerateSalt(12) is not call anywhere in UserLogin form. I am following this guide in my application.
-
As you've quote point number 3, which is related to User login form, there is no txtPass.leave event used in User Login form. It is only used in User Creation Form, so ultimately there is no:
HashPassword(user entered password ,BCrypt.GenerateSalt(12));
Used for txtPass. It's the plaintext where user enter password. I know what you are trying to say, that when comparing password, what I am doing is to generate new hash due to the result of GenerateSalt(12). But this is not the case, I simply get hash value from db and put it in CheckPassword method alongwith plaintext password enter by user. I am sure BCrypt.GenerateSalt(12) is not call anywhere in UserLogin form. I am following this guide in my application.
ok, which version of BCrypt are you using ?
-
ok, which version of BCrypt are you using ?
-
Derek Slagers Bcrypt class. Downloaded from http://derekslager.com/blog/posts/2007/10/bcrypt-dotnet-strong-password-hashing-for-dotnet-and-mono.ashx[^]
There appears to be a more up-to-date version here http://bcrypt.codeplex.com/[^] Nonetheless, I did a quick and dirty test with that version you used with VS2005 :-
namespace DSBcryptTest
{
class Program
{
static void Main(string[] args)
{
String Password_Text = "Lorem_ipsum_dolor_sit_amet";String Password\_Hashed = BCrypt.HashPassword(Password\_Text, BCrypt.GenerateSalt(12)); Console.WriteLine("Hashed Password {0}", Password\_Hashed); String Test\_Password\_Text = Password\_Text; if (BCrypt.CheckPassword(Test\_Password\_Text, Password\_Hashed)) { Console.WriteLine("Passwords Match"); } } }and there was nothing wrong / I got the expected result - obviously I should be using Nunit/unit tests etc, but meh ... I copied BCrypt.cs into a new project, removed the assembly directive at the top, then used it directly as opposed to the dll version - but that wouldn't matter - it just means I can step into the code So, Im sorry, I cant think of where to go
-
There appears to be a more up-to-date version here http://bcrypt.codeplex.com/[^] Nonetheless, I did a quick and dirty test with that version you used with VS2005 :-
namespace DSBcryptTest
{
class Program
{
static void Main(string[] args)
{
String Password_Text = "Lorem_ipsum_dolor_sit_amet";String Password\_Hashed = BCrypt.HashPassword(Password\_Text, BCrypt.GenerateSalt(12)); Console.WriteLine("Hashed Password {0}", Password\_Hashed); String Test\_Password\_Text = Password\_Text; if (BCrypt.CheckPassword(Test\_Password\_Text, Password\_Hashed)) { Console.WriteLine("Passwords Match"); } } }and there was nothing wrong / I got the expected result - obviously I should be using Nunit/unit tests etc, but meh ... I copied BCrypt.cs into a new project, removed the assembly directive at the top, then used it directly as opposed to the dll version - but that wouldn't matter - it just means I can step into the code So, Im sorry, I cant think of where to go
Thanks for reply.
Garth J Lancaster wrote:
I copied BCrypt.cs into a new project, removed the assembly directive at the top, then used it directly as opposed to the dll version - but that wouldn't matter - it just means I can step into the code
I didn't get the above part "removed the assembly directive"?? what does it mean? I am also using BCrypt.cs file not the dll.. May be assembly directive has something to do with my problem?
-
Thanks for reply.
Garth J Lancaster wrote:
I copied BCrypt.cs into a new project, removed the assembly directive at the top, then used it directly as opposed to the dll version - but that wouldn't matter - it just means I can step into the code
I didn't get the above part "removed the assembly directive"?? what does it mean? I am also using BCrypt.cs file not the dll.. May be assembly directive has something to do with my problem?
nup, not the issue - you wouldn't even be able to build it if that were the issue - I had a 'Duplicate AssemblyVersion Attribute' error with the same in AssemblyInfo.cs - so I removed [assembly: System.Reflection.AssemblyVersion("0.1")] from near the top of my copy of BCrypt.cs All I proved was there's nothing obviously wrong with that version of BCrypt.cs, but it was only one test
-
Thanks for reply.
Garth J Lancaster wrote:
I copied BCrypt.cs into a new project, removed the assembly directive at the top, then used it directly as opposed to the dll version - but that wouldn't matter - it just means I can step into the code
I didn't get the above part "removed the assembly directive"?? what does it mean? I am also using BCrypt.cs file not the dll.. May be assembly directive has something to do with my problem?
btw - what is the length of the hashed password you get back from the DB ?
-
nup, not the issue - you wouldn't even be able to build it if that were the issue - I had a 'Duplicate AssemblyVersion Attribute' error with the same in AssemblyInfo.cs - so I removed [assembly: System.Reflection.AssemblyVersion("0.1")] from near the top of my copy of BCrypt.cs All I proved was there's nothing obviously wrong with that version of BCrypt.cs, but it was only one test
-
btw - what is the length of the hashed password you get back from the DB ?
-
btw - what is the length of the hashed password you get back from the DB ?
I don't believe it...I've done hours and hours of testing and all of them is succeed...And guess what is the stupid mistake I was doing?? I've accidentally set CharacterCasing to upper when creating new user...And in Login Form it is set to default normal. Now it is working... Thanks for be patient with my stupidity. Ahmed
-
I don't believe it...I've done hours and hours of testing and all of them is succeed...And guess what is the stupid mistake I was doing?? I've accidentally set CharacterCasing to upper when creating new user...And in Login Form it is set to default normal. Now it is working... Thanks for be patient with my stupidity. Ahmed
Well done for fixing it. Don't be worried about it - we've all made mistakes like this at one time or another.
-
Well done for fixing it. Don't be worried about it - we've all made mistakes like this at one time or another.
-
I don't believe it...I've done hours and hours of testing and all of them is succeed...And guess what is the stupid mistake I was doing?? I've accidentally set CharacterCasing to upper when creating new user...And in Login Form it is set to default normal. Now it is working... Thanks for be patient with my stupidity. Ahmed
as POH said 'well done' - you got there in the end 'next time', when using someone else's code, knock up a set of unit tests and make sure its working before you start coding against it in anger - that will eliminate it from the things you have to consider when it all looks pear-shaped 'g'
-
as POH said 'well done' - you got there in the end 'next time', when using someone else's code, knock up a set of unit tests and make sure its working before you start coding against it in anger - that will eliminate it from the things you have to consider when it all looks pear-shaped 'g'