I am trying to create a basic WPF application that can store an encrypted password in SQL Server 2008 and also retrieve the password when the user tries to log in, but I am getting an error after following this article:
http://www.dreamincode.net/forums/topic/123865-one-way-encryption/
I read through rainbow attacks and salting and hashing.
I tried some code but I am getting an error.
The error I am getting is:
string or binary data would be truncated
I read this article and tried to convert the textbox.text to string and also tried typing only one alphabet in the password textbox, but it still does not work ("I changed the connstring for security reasons as the connstring is working and there is no problem with that").
    private void button1_Click(object sender, RoutedEventArgs e)
    {
        string strPassword;
        SqlConnection cs = new SqlConnection("Data Source=STEVEJOBS;Initial Catalog=Test database;Integrated Security=True");
        SqlDataAdapter da = new SqlDataAdapter();
        da.InsertCommand = new SqlCommand("INSERT INTO Member_info(Name,Username,Password,Email,Member) VALUES(@Name,@Username,@Password,@Email,@Member)", cs);
        da.InsertCommand.Parameters.Add("@Name", SqlDbType.NVarChar).Value = Name_tb.Text;
        da.InsertCommand.Parameters.Add("@Email", SqlDbType.VarChar).Value = Email_tb.Text;
        da.InsertCommand.Parameters.Add("@Username", SqlDbType.VarChar).Value = Username_tb.Text;
        //MD5CryptoServiceProvider md5Hasher = new MD5CryptoServiceProvider();
        //byte[] hashedBytes;
        //UTF8Encoding encoder = new UTF8Encoding();
        //hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(strPassword));
        //SqlParameter paramPwd;
        //paramPwd = new SqlParameter("@Password", SqlDbType.Binary, 16);
        //paramPwd.Value = hashedBytes;
        //da.InsertCommand.Parameters.Add(paramPwd);
        da.InsertCommand.Parameters.Add("@Password", SqlDbType.VarChar).Value = HashPassword(Password_tb.Text.ToString());
        da.InsertCommand.Parameters.Add("@Member", SqlDbType.NText).Value = Myes_rb.Content;
        cs.Open();
        da.InsertCommand.ExecuteNonQuery();
        cs.Close();
        MessageBox.Show("Sucessfully added");
    }

    static string HashPassword(string pasword)
    {
        byte[] arrbyte = new byte[pasword.Length];
        SHA256 hash = new SHA256CryptoServiceProvider();
        arrbyte = hash.ComputeHash(Encoding.UTF8.GetBytes(pasword));
        return Convert.ToBase64String(arrbyte);
    }
Thanks for the help!
This error appears when you try to insert a string with more characters than specified in the column definition. Make your string columns wider.
To identify the column that triggers this error, you can change your INSERT statement by eliminating parameters one by one (remove the da.InsertCommand.Parameters.Add line for that column and in the VALUES part of the INSERT statement put a constant like 'John').
EDIT#1:
Continue eliminating columns one by one (just like you did with the password column) and once the insert statement doesn't fail, you will know which column caused the error. Then debug to find out the length of the value you are assigning to the (failing) column parameter. The length of that column in the database must be >= the length of the value you are trying to insert.
Another thing to note: at the time of writing your question, you thought that the password column was the problem, but maybe some other column is the problem. And the only solution to this error is to make all columns wide enough so values can be stored in them.
EDIT#2:
Use Password property to get text user typed in:
To get the length of hashed password use this code instead:
Put a breakpoint on the second line and check the length of the pwdHash string. The Password column in the database table must be equal to or greater than this length.
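
An added example (not part of the question's or the answer's code), assuming .NET 6 or later: it derives a salted password hash, computes the column width the stored string needs from the byte counts, and shows that a truncated stored value can never verify at login. The class name PasswordStore, the salt:hash storage format and the parameter values are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;

static class PasswordStore
{
    // Constructed parameters for this example; tune Iterations for your hardware.
    const int SaltBytes = 16, HashBytes = 32, Iterations = 100_000;

    // Base64 turns every 3 input bytes (rounded up) into 4 characters.
    static int Base64Length(int byteCount) => 4 * ((byteCount + 2) / 3);

    // Width the Password column needs: salt + ':' + hash, whatever the password length.
    public static readonly int StoredLength = Base64Length(SaltBytes) + 1 + Base64Length(HashBytes);

    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes); // fresh random salt per user
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash);
    }

    // Login check: re-derive with the stored salt and compare in constant time.
    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split(':'); // ':' never occurs in Base64 output
        if (parts.Length != 2) return false;
        try
        {
            byte[] salt = Convert.FromBase64String(parts[0]);
            byte[] expected = Convert.FromBase64String(parts[1]);
            if (expected.Length != HashBytes) return false;
            byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
            return CryptographicOperations.FixedTimeEquals(actual, expected);
        }
        catch (FormatException) { return false; } // truncated or corrupted column value
    }

    static void Main()
    {
        // Constructed sample passwords of very different lengths.
        foreach (string pw in new[] { "a", "correct horse battery staple", new string('x', 500) })
        {
            string stored = Hash(pw);
            bool ok = Verify(pw, stored);
            bool truncated = Verify(pw, stored.Substring(0, 20)); // what a too-narrow column would hold
            Console.WriteLine($"{pw.Length,3} chars in, {stored.Length} stored (column needs {StoredLength}), ok={ok}, truncated={truncated}");
        }
    }
}
```

By the same Base64 arithmetic, the question's HashPassword (Base64 of a 32-byte SHA-256 digest) always returns 44 characters, even for a one-letter password, so a Password column narrower than that cannot hold its output.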