Home/ Questions/Q 7908787
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T12:05:49+00:00

I have never encrypted a password before, and this is what I came up

  • 0

I have never encrypted a password before, and this is what I came up with to do it, with the aid of this article. The article didn’t include salt, so I had to figure it out myself:

        UTF8Encoding encoder = new UTF8Encoding();
        byte[] salt = new byte[8];
        new Random().NextBytes(salt);
        byte[] encodedPassword = encoder.GetBytes(txtPassword.Text);
        byte[] saltedPassword = new byte[8 + encodedPassword.Length];
        System.Buffer.BlockCopy(salt, 0, saltedPassword, 0, 8);
        System.Buffer.BlockCopy(encodedPassword, 0, saltedPassword, 8, encodedPassword.Length);
        byte[] encryptedPassword = new MD5CryptoServiceProvider().ComputeHash(saltedPassword);
        byte[] saltedEncryptedPassword = new byte[8 + encryptedPassword.Length];
        System.Buffer.BlockCopy(salt, 0, saltedEncryptedPassword, 0, 8);
        System.Buffer.BlockCopy(encryptedPassword, 0, saltedEncryptedPassword, 8, encryptedPassword.Length);

with saltedEncryptedPassword being stored in the database. As you probably notice, I had some trouble concatenating the byte arrays together where the salt was involved. Have I done this right, or is there a better way? Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Password hashes should be slow, not fast.
    The faster the hash, the faster an attacker can run through a password dictionary.

    Therefore, you should never use general-purpose hashes like SHA for passwords.

    Instead, use proven slow techniques like scrypt or PBKDF2.

    • 0