Bcrypt.Net.Verify returns true on false string data


I'm using a string with salt data to hash a password using the BCrypt.Net library.

Code:

string src = Salt + UserName + Key + Password;
var hash = Bc.HashPassword(src, 12);

When I try to verify the hashed data with wrong string data (a different password, for example), BCrypt.Verify(wrongStr, hash) returns true.

Any ideas? Is there a string length limit?


There are 1 best solutions below

CodeKuga88 On

bcrypt returns a 60-char string; make sure that your field can handle that,

and your verification is wrong; you need to utilize a boolean!

string myPassword = "password";
string mySalt = BCrypt.GenerateSalt();
//mySalt == "$2a$10$rBV2JDeWW3.vKyeQcM8fFO"
string myHash = BCrypt.HashPassword(myPassword, mySalt);
//myHash == "$2a$10$rBV2JDeWW3.vKyeQcM8fFO4777l4bVeQgDL6VIkxqlzQ7TCalQvla"


bool doesPasswordMatch = BCrypt.CheckPassword(myPassword, myHash);
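
On the length limit the question asks about, an added example (not part of the original question or answer): bcrypt uses only the first 72 bytes of its input, so when Salt + UserName + Key already fill those bytes, the password at the end never influences the hash. The Salt, UserName and Key values below are constructed, `Bc` is assumed to be an alias for `BCrypt.Net.BCrypt`, and `HashChecked` is a hypothetical helper.

```csharp
using System;
using System.Text;
using Bc = BCrypt.Net.BCrypt; // assumed alias, matching the question's Bc.HashPassword

static class BcryptTruncationDemo
{
    // bcrypt ignores every input byte after the 72nd.
    const int BcryptMaxBytes = 72;

    // Constructed sample values; only their combined length (81 bytes) matters.
    const string Salt = "0123456789abcdef0123456789abcdef";  // 32 bytes
    const string UserName = "alice@example.com";              // 17 bytes
    const string Key = "application-wide-secret-key-0001";    // 32 bytes

    // Same concatenation order as in the question.
    static string Compose(string password) => Salt + UserName + Key + password;

    // Hypothetical helper: refuse input that bcrypt would silently truncate.
    static string HashChecked(string input, int workFactor)
    {
        if (Encoding.UTF8.GetByteCount(input) > BcryptMaxBytes)
            throw new ArgumentException("Input exceeds bcrypt's 72-byte limit.");
        return Bc.HashPassword(input, workFactor);
    }

    static void Main()
    {
        // The 81-byte prefix fills the 72 significant bytes, so both strings
        // below are the same input as far as bcrypt is concerned.
        string truncated = Bc.HashPassword(Compose("correct horse"), 12);
        Console.WriteLine("prefixed input, wrong password accepted: "
            + Bc.Verify(Compose("wrong password"), truncated));

        // Hash the password alone. HashPassword generates a random salt and
        // stores it inside the 60-character result, so no manual salt is needed.
        string hash = HashChecked("correct horse", 12);
        Console.WriteLine("password only, wrong password accepted: "
            + Bc.Verify("wrong password", hash));
        Console.WriteLine("password only, right password accepted: "
            + Bc.Verify("correct horse", hash));

        // The question's composed string is rejected before it reaches bcrypt.
        try { HashChecked(Compose("correct horse"), 12); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```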