3

I've searched in google, unfortunately I can't found any expect answers I want.

I've downloaded .NET implementation of BCrypt

Honest, I usually coding in PHP language, i have no idea on things like .Net

Improve this question

1 Answer 1

Reset to default
1

I am assuming that you already have the schema for storing the users hash in some kind of user profile table?

Let's say that this table is in the format as below:

PersonID           int PrimaryKey
PersonName         nvarchar(50)
PersonPasswordHash varchar(128)
PersonPasswordSalt nvarchar(10)

then in your .net code (example in C#) you would go ahead and do the following when you are creating a new user

string passwordPlain = txtPassword.Text; // This is the password entered by the user

/* a work factor of 10 is default, but you can mention any thing from 4 to 31. 
   But keep in mind that for every increment in work factor the work increases 
   twice (its 2**log_rounds)
*/
string passwordSalt = BCrypt.GenerateSalt(10);
string passwordHash = BCrypt.HashPassword(passwordPlain, passwordSalt);

// Now store the passwordHash and passwordSalt in the database for that user

After you have the above values store the appropriate values in the database.

When it is time to validate a login, retrieve the details about the passwordHash and passwordSalt from the database and you can verify as follows:

string originalPasswordSalt; // retrieve its value from the DB
string originalPasswordHash; // retrieve its value from the DB
string givenPasswordPlain = txtPassword.Text; // given by the user during login
string givenPasswordHash = BCrypt.HashPassword(givenPasswordPlain, originalPasswordSalt);

if(givenPasswordHash.Equals(originalPasswordHash)) { // you have an valid user
} else { // given login name or password is not valid
}
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

First, I would like to say sorry, maybe my question is not clear enough. I want to know how to use the BCrypt in T-SQL, do you mind to give some example about using BCrypt in T-SQL?
Kindly mark as answer if the solution is helpful, when you mark as answer it provides an closure to the question and it increases your reputation by 2 points. Thank you.
@user474407: Your answer is completely irrelevant to the question (as we can deduct from comments' conversation. It got accepted after your instructions. What you should do instead is to completely update your answer and provide solution for BCrypt in TSQL.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.