SQLite encryption types for data
-
I have an application in C# which uses a SQLite database. In this database I have a table where I inserted a value encrypted with sha1, via sql query. Te problem is that I want to select that data and use it like:
cmd.CommandText = "Select * from accounts where (username=@username and password=sha1(@password));";
cmd.Parameters.AddWithValue("@password", password);OR
cmd.CommandText = "Select * from accounts where (username=@username and password=@password);";
cmd.Parameters.AddWithValue("@password", sha1(password));But from what I heard, I can't use sha1 like this, I have to use a function like this one, but it doesn't work:
string sha1(string password) {
byte[] byteArray = Encoding.UTF8.GetBytes(password);
return Convert.ToBase64String(sha1.ComputeHash(byteArray);
}I receive error:
sha1(string) is a method, which is not valid in the given context
The other thing, I heard about KDF ( key definition function) which it seems to be a better encryption type but I don't really know how to use it. Can anybody help me with that?
-
I have an application in C# which uses a SQLite database. In this database I have a table where I inserted a value encrypted with sha1, via sql query. Te problem is that I want to select that data and use it like:
cmd.CommandText = "Select * from accounts where (username=@username and password=sha1(@password));";
cmd.Parameters.AddWithValue("@password", password);OR
cmd.CommandText = "Select * from accounts where (username=@username and password=@password);";
cmd.Parameters.AddWithValue("@password", sha1(password));But from what I heard, I can't use sha1 like this, I have to use a function like this one, but it doesn't work:
string sha1(string password) {
byte[] byteArray = Encoding.UTF8.GetBytes(password);
return Convert.ToBase64String(sha1.ComputeHash(byteArray);
}I receive error:
sha1(string) is a method, which is not valid in the given context
The other thing, I heard about KDF ( key definition function) which it seems to be a better encryption type but I don't really know how to use it. Can anybody help me with that?
-
See Secure Password Authentication Explained Simply[^]. You need to show some more of your code, to show why the context is incorrect as you have coded it. Where exactly does the error message appear?
-
See Secure Password Authentication Explained Simply[^]. You need to show some more of your code, to show why the context is incorrect as you have coded it. Where exactly does the error message appear?
-
I have an application in C# which uses a SQLite database. In this database I have a table where I inserted a value encrypted with sha1, via sql query. Te problem is that I want to select that data and use it like:
cmd.CommandText = "Select * from accounts where (username=@username and password=sha1(@password));";
cmd.Parameters.AddWithValue("@password", password);OR
cmd.CommandText = "Select * from accounts where (username=@username and password=@password);";
cmd.Parameters.AddWithValue("@password", sha1(password));But from what I heard, I can't use sha1 like this, I have to use a function like this one, but it doesn't work:
string sha1(string password) {
byte[] byteArray = Encoding.UTF8.GetBytes(password);
return Convert.ToBase64String(sha1.ComputeHash(byteArray);
}I receive error:
sha1(string) is a method, which is not valid in the given context
The other thing, I heard about KDF ( key definition function) which it seems to be a better encryption type but I don't really know how to use it. Can anybody help me with that?
Hashing a password without using a unique salt for each record is a very bad idea. Troy Hunt: Our password hashing has no clothes [^] Salted Password Hashing - Doing it Right[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
