Home/ Questions/Q 6872433
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T03:55:38+00:00

I want to store login and password in sqlite database. This database in encrypted

  • 0

I want to store login and password in sqlite database. This database in encrypted using SQLCipher library. But password to encrypt database is separate issue. This password is stored in code of application. Login and password are provided by user to login to application. In C# there is the SHA256 class. If I use this class if it is enough ? Or rather I should use hash and salt or other methods ?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    To store a user password in a database for login matters, you should use a hash function with a salt.

    SHA 256 is one of them, but there are better ones existing. I recommend you using the PBKDF2 derivative function. You can implement your own PBKDF2 hashing method using the Rfc2898DeriveBytes class provided in the .NET framework.

    Here is a quick how-to-do-it:

    int saltSize = 256;     // Number of bytes of the salt
int iterations = 1000;  // Number of times we iterate the function
                        // The more we iterate, the more it is gonna take time.
                        //     The advantage of a great iterations number is to 
                        //     make brutforce attack more painful.
int hashSize = 20;      // Number of bytes of the hash (the output)

var deriveBytes = new Rfc2898DeriveBytes("mypassword", saltSize, iterations);
byte[] salt = deriveBytes.Salt;
byte[] hash = deriveBytes.GetBytes(hashSize);

    You just have now to store the salt and the hash in your database. Use Convert.FromBase64String and Convert.ToBase64String to get a string from a byte[] and vice-versa.

    Another alternative is to use bcrypt. See this interesting article.

    • 0