Hashing a password with salt - Visual Basic .NET

Tags: VB.NET, VB 2008, VB 2010, VB 2012, VB 2013

In this tutorial, I would like to share with you how to store passwords in the database. It is very important that your clients' passwords are well secured. The best practice to store passwords in the database is hashing passwords. In the event that your database gets compromised, hashed passwords will be very hard to reverse.

It is even harder to reverse a hashed password that was hashed with salt. And if you want to make it even harder, the salt should be randomly created and be unique to each user.

The process of storing the password:

  • Get the plain password
  • Generate a random salt
  • Concatenate the plain password with the salt
  • Hash the combination of the plain password and the salt
  • Store the salt in a field in the database
  • Store the hash combination in the password field in the database

The process of checking for a matching password:

  • Get the plain password from user
  • Get the salt from the database based on the user's username
  • Concatenate the plain password with the salt
  • Hash the combination of the plain password and the salt
  • Check the hashed result against the password field in the database
  • Login the user if the result matches the password in the database

Let's apply the processes above in Visual Basic. First, let's add the following declarations to the code page:

    Imports System.Security.Cryptography
    Imports System.Text
    

Next, let's add the function that will generate a random salt:

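    Public Function CreateRandomSalt() As String
        'The following string holds the characters the salt is drawn from
        Dim mix As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+=][}{<>"
        Dim sb As New StringBuilder
        'Draw indexes from the cryptographic RNG; Random instances created
        'close together can share a seed and repeat salts
        Dim rng As New RNGCryptoServiceProvider()
        Dim buffer(3) As Byte
        For i As Integer = 1 To 100 'Length of the salt
            rng.GetBytes(buffer)
            'Mod mix.Length covers every character, including the last one
            Dim x As Integer = CInt(BitConverter.ToUInt32(buffer, 0) Mod CUInt(mix.Length))
            sb.Append(mix(x))
        Next
        Return sb.ToString()
    End Function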
    

Next, let's add the function that will hash the password:

    Public Function Hash512(password As String, salt As String) As String
            Dim convertedToBytes As Byte() = Encoding.UTF8.GetBytes(password & salt)
            Dim hashType As HashAlgorithm = New SHA512Managed()
            Dim hashBytes As Byte() = hashType.ComputeHash(convertedToBytes)
            Dim hashedResult As String = Convert.ToBase64String(hashBytes)
            Return hashedResult
    End Function
    

To use this function, I will use the following form:

[Image: hashing password in visual basic]

The following code will handle the button click event:

    Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
            hashedPasswordText.Text = (Hash512(plainPasswordTxt.Text, CreateRandomSalt))
    End Sub
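
The two step lists above, carried through end to end as an added example (not the tutorial's own code): the salt is kept next to the hash when storing and the stored salt is reused when checking, which the button handler does not do because it discards the salt it generates. `UserRecord`, `Register` and `Verify` are hypothetical names, the 32-byte Base64 salt is an assumption, and the byte-by-byte comparison is an addition that avoids leaking where two hashes first differ.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module SaltedPasswordDemo
    'Hypothetical record standing in for one row of the users table
    Class UserRecord
        Public Salt As String
        Public PasswordHash As String
    End Class

    'Same scheme as the tutorial: Base64(SHA-512(password & salt))
    Function Hash512(password As String, salt As String) As String
        Dim sha As HashAlgorithm = New SHA512Managed()
        Return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(password & salt)))
    End Function

    'Storing: generate the salt once, hash, and keep BOTH values
    Function Register(plainPassword As String) As UserRecord
        Dim saltBytes(31) As Byte
        Dim rng As New RNGCryptoServiceProvider()
        rng.GetBytes(saltBytes)
        Dim rec As New UserRecord()
        rec.Salt = Convert.ToBase64String(saltBytes)
        rec.PasswordHash = Hash512(plainPassword, rec.Salt)
        Return rec
    End Function

    'Checking: re-hash the attempt with the STORED salt and compare
    Function Verify(attempt As String, rec As UserRecord) As Boolean
        Dim expected As Byte() = Convert.FromBase64String(rec.PasswordHash)
        Dim actual As Byte() = Convert.FromBase64String(Hash512(attempt, rec.Salt))
        'Touch every byte so timing does not reveal the first mismatch
        Dim diff As Integer = expected.Length Xor actual.Length
        For i As Integer = 0 To Math.Min(expected.Length, actual.Length) - 1
            diff = diff Or (expected(i) Xor actual(i))
        Next
        Return diff = 0
    End Function

    Sub Main()
        Dim alice As UserRecord = Register("correct horse") 'constructed sample password
        Dim bob As UserRecord = Register("correct horse")   'second user, same password
        Console.WriteLine(Verify("correct horse", alice))   'matching attempt
        Console.WriteLine(Verify("wrong horse", alice))     'non-matching attempt
        Console.WriteLine(alice.PasswordHash = bob.PasswordHash) 'per-user salts are compared here
    End Sub
End Module
```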
    

The result:

