.net - Hash on Unicode Password -

-

i'm writing password salt/hash procedure .net application, largely following guide of article: http://www.aspheute.com/english/20040105.asp

basically code computing salted hash this:

public string computesaltedhash(string password, byte[] salt) {      // password ascii text bytes:     byte[] passwordbytes = system.text.encoding.ascii.getbytes(password);      // append 2 arrays     byte[] tohash = new byte[passwordbytes.length + salt.length];     array.copy(passwordbytes, 0, tohash, 0, passwordbytes.length);     array.copy(salt, 0, tohash, passwordbytes.length, salt.length);      byte[] computedhash = sha1.create().computehash(tohash);      // return ascii string     return system.text.encoding.ascii.getstring(computedhash); }

however, want allow allow users use unicode chars in password, if like. (this seems idea; can think of reason it's not?)

however, don't know ton how unicode works, , i'm worried if change both references of system.text.encoding.ascii system.text.encoding.unicode, hash algorithm might produce byte combinations don't form valid unicode chars , getstring call freak out.

is valid concern, or ok?

you shouldn't using any normal encoding convert arbitrary binary data string. it's not encoded text - it's sequence of bytes. don't try interpret if "normal" text. whether original password contains non-ascii characters irrelevant - current code broken. (i treat linked article large dose of suspicion on basis.)

i suggest:

  • use encoding.utf8 bytes password. allow password contain unicode character. encoding.unicode fine here too.
  • use convert.tobase64string convert computed hash text. base64 designed represent opaque binary data in text within ascii character set.

Comments

Post a Comment

Popular posts from this blog

android - Spacing between the stars of a rating bar? -

-
ho can set spacing beween stars? thats ratingbar: ratingbar = (ratingbar) inflater.inflate(r.layout.ratingbar, null); ratingbar.setlayoutparams(new layoutparams(layoutparams.wrap_content, layoutparams.wrap_content)); the layout: <?xml version="1.0" encoding="utf-8"?> <ratingbar xmlns:android="http://schemas.android.com/apk/res/android" style="@style/mystyle" android:layout_alignparentright="true" android:layout_height="19dp" android:layout_width="wrap_content" android:numstars="5"> </ratingbar> the style: <style name="mystyle" parent="@android:style/widget.ratingbar"> <item name="android:progressdrawable">@drawable/android_r2_ratingstar_yellow</item> <item name="android:indeterminatedrawable">@drawable/android_r2_ratingstar_grey</item> </style> thanks, cheers you have ...
Read more

html - Instapaper-like algorithm -

-
does of algorithm extracts contents webpage? instapaper ? there 2 steps instapaper does: find main content block on page (excluding headers, footers, menus etc) from content block extract , format text to find content block (typically html block element, div containing key page text content) instapaper uses algorithm 1 used readability . can @ source of readability.js see what's going on, @ core tries find area on page highest text/link ratio, although has other simple scoring metrics (e.g. off top of head, things ratio of text commas, para elements etc) go heuristics. once have identified root node element, relevant content, you'll need format it, if want can pull node element containing text out of source document , insert yours, in reality you'll want remove existing styles , apply own, standard , feel. if want output nice text-only can use jericho's renderer . update1 : should mention else instapaper - follow 'pagination' links (...
Read more

c# - How to execute a particular part of code asynchronously in a class -

-
i creating speech recognition engine that's going respond user commands.i have created button enable , disable speech recognition per user convenience.i have used dispose() of speech engine disable speech recoginition.here code private void button1_click(object sender, routedeventargs e) { engineon = !engineon; if (engineon) { speechengine = speech.createspeechengine(); //speech class creates , returns new speech engine. speechengine.audiolevelupdated += new eventhandler<audiolevelupdatedeventargs>(speechengine_audiolevelupdated); // use system's default microphone speechengine.setinputtodefaultaudiodevice(); speechengine.loadgrammar(new dictationgrammar()); // start listening speechengine.recognizeasync(recognizemode.multiple); } else { speechclass.myengine.dispose(); } } but disposal of speech obj...
Read more