question

Prabs-7622 avatar image
0 Votes"
Prabs-7622 asked 40085639 answered

How to do Salt + Hash the password with SHA256 in AES cryptographic algorithm?

Hello Team,

I have an application with AES(The Advanced Encryption Standard (AES)) Password cryptographic algorithm logics.
How to do Salt + Hash the password with SHA256 in the following code.
Please help me on this?

This code i got it from the following link,
https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.aes?view=net-5.0


using System;
using System.IO;
using System.Security.Cryptography;

namespace Aes_Example
{
class AesExample
{
public static void Main()
{
string original = "Here is some data to encrypt!";

         // Create a new instance of the Aes
         // class.  This generates a new key and initialization
         // vector (IV).
         using (Aes myAes = Aes.Create())
         {

             // Encrypt the string to an array of bytes.
             byte[] encrypted = EncryptStringToBytes_Aes(original, myAes.Key, myAes.IV);

             // Decrypt the bytes to a string.
             string roundtrip = DecryptStringFromBytes_Aes(encrypted, myAes.Key, myAes.IV);

             //Display the original data and the decrypted data.
             Console.WriteLine("Original:   {0}", original);
             Console.WriteLine("Round Trip: {0}", roundtrip);
         }
     }
     static byte[] EncryptStringToBytes_Aes(string plainText, byte[] Key, byte[] IV)
     {
         // Check arguments.
         if (plainText == null || plainText.Length <= 0)
             throw new ArgumentNullException("plainText");
         if (Key == null || Key.Length <= 0)
             throw new ArgumentNullException("Key");
         if (IV == null || IV.Length <= 0)
             throw new ArgumentNullException("IV");
         byte[] encrypted;

         // Create an Aes object
         // with the specified key and IV.
         using (Aes aesAlg = Aes.Create())
         {
             aesAlg.Key = Key;
             aesAlg.IV = IV;

             // Create an encryptor to perform the stream transform.
             ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);

             // Create the streams used for encryption.
             using (MemoryStream msEncrypt = new MemoryStream())
             {
                 using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
                 {
                     using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                     {
                         //Write all data to the stream.
                         swEncrypt.Write(plainText);
                     }
                     encrypted = msEncrypt.ToArray();
                 }
             }
         }

         // Return the encrypted bytes from the memory stream.
         return encrypted;
     }

     static string DecryptStringFromBytes_Aes(byte[] cipherText, byte[] Key, byte[] IV)
     {
         // Check arguments.
         if (cipherText == null || cipherText.Length <= 0)
             throw new ArgumentNullException("cipherText");
         if (Key == null || Key.Length <= 0)
             throw new ArgumentNullException("Key");
         if (IV == null || IV.Length <= 0)
             throw new ArgumentNullException("IV");

         // Declare the string used to hold
         // the decrypted text.
         string plaintext = null;

         // Create an Aes object
         // with the specified key and IV.
         using (Aes aesAlg = Aes.Create())
         {
             aesAlg.Key = Key;
             aesAlg.IV = IV;

             // Create a decryptor to perform the stream transform.
             ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);

             // Create the streams used for decryption.
             using (MemoryStream msDecrypt = new MemoryStream(cipherText))
             {
                 using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
                 {
                     using (StreamReader srDecrypt = new StreamReader(csDecrypt))
                     {

                         // Read the decrypted bytes from the decrypting stream
                         // and place them in a string.
                         plaintext = srDecrypt.ReadToEnd();
                     }
                 }
             }
         }

         return plaintext;
     }
 }

}


Regards,
Prabs

dotnet-csharpwindows-apidotnet-runtime
· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Salt and hash is one way operation. Once a password is hashed it can never be recovered. In order to verify a password the password input is run through the same hashing process and the two hashes are compared.

The standard docs cover how to salt and hash a password. You can also, do a basic internet search to learn the concept.


0 Votes 0 ·

Hi, AES algorithm is two way process. I want to do hash and salt in AES (Rijndael) algorithm.

0 Votes 0 ·

Hi, AES algorithm is two way process. I want to do hash and salt in AES (Rijndael) algorithm.

Can you clarify your response? Are you trying to salt and hash a password that is already AES encrypted? Or are you trying to move from AES encrypted passwords to hashed passwords? In either case, the linked documentation clearly and openly explains how to hash a password or any string.



0 Votes 0 ·
Show more comments
PatriceSc-5382 avatar image
0 Votes"
PatriceSc-5382 answered PatriceSc-5382 edited

Hi,
Still a bit unclear. My understanding is that your app is currently encrypting the password and that you want to hash it instead?

ASP.NET Identity handles this among other things for you and I would suggest to use that rather than rolling your own. See exploring-the-asp-net-core-identity-passwordhasher for the password hasher mechanism and more generally identity



Edit: what if using Convert.ToBase64String(encrypted) to see the encrypted value and see if it is the same on each run? From your latest comments, my understanding is that you don't want the same value to produce always the same encrypted value which this code should do already.

As pointed already don't confuse encryption and hashing (hashing is not supposed to be reversible and is preferred for passwords).

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Prabs-7622 avatar image
0 Votes"
Prabs-7622 answered AgaveJoe commented

Hi PatriceSc-5382,

The above code which is not included salt with password.
I want to add salt with plaintext for encryption process. At the receiver end he has to remove the salt and decrypt it

Example:

Password – user123
Salt - 8 bytes (any text)
Salted Hash - user123 + 8 bytes character

Regards
Prabhakaran

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I think part of the confusion is you are not using the terms salt, hash, and encryption correctly. A salt/hash cannot be decrypted. Again, hashing is a one way process.

Are you trying to encrypt a password before passing the password to a web app? If so, just use HTTPS.

0 Votes 0 ·
XiaopoYang-MSFT avatar image
0 Votes"
XiaopoYang-MSFT answered XiaopoYang-MSFT commented

Perhaps The initialization vector (IV) is The Salt you mean.

(IV) A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher. Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages. For example, if messages always start with a common header (a letterhead or "From" line) their initial ciphertext would always be the same, assuming that the same cryptographic algorithm and symmetric key was used. Adding a random initialization vector eliminates this from happening.

The Encrypting Data with CNG Sample.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

40085639 avatar image
0 Votes"
40085639 answered
 public void initialize(string key, string salt)
         {
             m_user_key = key;
             m_user_salt = salt;
    
             // set cipher key(mixed user key with salt)
             var salt_bytes = Encoding.ASCII.GetBytes(salt);
             Rfc2898DeriveBytes key_with_salt = new Rfc2898DeriveBytes(key, salt_bytes, 1000);
             m_cipher.Key = key_with_salt.GetBytes(16);
    
             // set cipher iv
             m_cipher.GenerateIV();
         }
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.