Home/ Questions/Q 6130073
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T16:48:57+00:00

I’m attempting to store a user’s password in my program, but I don’t want

  • 0

I’m attempting to store a user’s password in my program, but I don’t want to store it in plain text. Therefore, I’m hashing it and storing that instead, and when the user needs to enter his password upon the program start (to protect against unauthorized users), I’m hashing the entered password and comparing the two hashes.

However, the following code is generating the same hash for almost any password entered. Can anyone either tell me how to fix the following code, or direct me to a better hash function?

public static string getSHA1(string userPassword)
{
    return BitConverter.ToString(SHA1Managed.Create().ComputeHash(Encoding.Default.GetBytes(userPassword))).Replace("-", "");
}

Thanks for any assistance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I plugged your function into a new project and it seemed to be working OK, so check how the password is being supplied to the function. I’d be wary of using Encoding.Default instead of an explicit coding, as it says it’s system-dependent.

    Here’s the one I made:

        public static string getSHA1(string userPassword)
    {
        return Convert.ToBase64String(new SHA1Managed().ComputeHash(Encoding.Unicode.GetBytes(userPassword)));
    }

    Note: as pointed out in the comments, doing password storage/matching this way is bad:

    • you are using a fast hashing algorithm. You want password hashing to be slow to mitigate brute-force attacks. Bcrypt does a good job of this.
    • you are not salting your hash. Salting means adding some random data to the password prior to hashing, then storing the random data along with the hash. This makes rainbow tables (huge hash to password maps) useless.
    • 0