BcryptNet / bcrypt.net

BCrypt.Net - Bringing updates to the original bcrypt package
MIT License

MySql Database Bcrypt Password login on C# (VSCodes) V.net #132

Closed ABEIDrizik closed 1 year ago

ABEIDrizik commented 1 year ago

Hello, my problem is how to make Bcrypt work in C#. I am using Visual 2022. Attached are the files Login.cs and MyDatabase.cs

Login_Fail_Mysql_C#.zip

Thank you for the support (may people and Allah help you and pay you)

ChrisMcKee commented 1 year ago

I'd already corrected the app to work: https://github.com/BcryptNet/bcrypt.net/issues/130#issuecomment-1434446970

It's in the attachment: https://github.com/BcryptNet/bcrypt.net/files/10765728/C._Login_Encrypt.zip

AbeidDEV commented 1 year ago

Yes, but the MySql database is different here; my db connection string is typical

AbeidDEV commented 1 year ago

I have provided you some more references

ChrisMcKee commented 1 year ago

You're still trying to pass a single parameter into Verify, inlined into a SQL query. BCrypt just doesn't work like that.

The hash consists of the version, the salt and the hash; when you hash a password and store it, all these components are stored together. If you hash the same password again, the resultant hash will be different, as a new salt will have been created. Verify requires the password and the current hash. It splits out the salt portion of the hash and re-bcrypts the password with the salt portion of the current hash. It then compares the hash you passed in against this one generated using the same salt. If they match then it's a valid password match.

The code you've put in that zip...

```csharp
string query = "SELECT `username`, `password` FROM `MyDb_users` WHERE username='" + tbUSERNAME.Text + "' AND password='"+Bcrypt.Net.Verify(textBoxPASSWORD.Text)+"'";
```

Wouldn't even compile; even the namespace casing is wrong. If you could treat bcrypt like using SHA (never sha a password) and the Verify method was returning a string that just called `SHA384.Create().ComputeHash(UTF8Encoding.UTF8.GetBytes(textBoxPASSWORD.Text))` then that query would possibly work, but that's not how BCrypt works or is intended to work. The Verify method (when given the right number of params) also returns a bool; so that SQL query becomes `and password=true` or `password=false`.

Take some time to study the zip I attached last time.

AbeidDEV commented 1 year ago

Do you mean my selection query needs to be like this?

```csharp
string query = "SELECT username, password FROM MyDb_users WHERE username='" + tbUSERNAME.Text + "' AND SHA384.Create().ComputeHash(UTF8Encoding.UTF8.GetBytes(textBoxPASSWORD.Text))+"'";
```

Note: I want to verify a password that was already generated (Bcrypt) from my database (php)

ChrisMcKee commented 1 year ago

No, to validate with bcrypt you need to query the record from sql using the username. Then pass the hash from the SQL response into the Verify method along with the user's entered password. If it's correct you get true.

Again, all this is in the previous issue's response and the working code in the zip.
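
The flow described in this thread (fetch the row by username, then pass the entered password and the stored hash to `Verify`), as an added example that is not part of the original thread or the attached zip. It assumes the MySql.Data connector and the table and column names from the query quoted earlier; `LoginCheck`, `IsValidLogin` and `DummyHash` are hypothetical names.

```csharp
using System;
using MySql.Data.MySqlClient; // assumption: the MySql.Data connector is referenced

public static class LoginCheck
{
    // Hash of a throwaway value, verified against when the username is unknown,
    // so both failure paths perform the same bcrypt work.
    private static readonly string DummyHash =
        BCrypt.Net.BCrypt.HashPassword(Guid.NewGuid().ToString());

    // Returns true only if the user exists and the password matches the stored hash.
    public static bool IsValidLogin(string connectionString, string username, string password)
    {
        string storedHash;

        using (var conn = new MySqlConnection(connectionString))
        using (var cmd = new MySqlCommand(
            "SELECT `password` FROM `MyDb_users` WHERE `username` = @username LIMIT 1", conn))
        {
            // The username travels as a parameter, never concatenated into the SQL text.
            cmd.Parameters.AddWithValue("@username", username);
            conn.Open();

            // The password is not part of the query: a bcrypt hash carries its own
            // random salt, so it cannot be matched with a SQL equality test.
            // ExecuteScalar returns null when no row matches.
            storedHash = cmd.ExecuteScalar() as string;
        }

        // Verify re-hashes the entered password with the salt embedded in the
        // stored hash and compares the results; it returns a bool.
        bool matches = BCrypt.Net.BCrypt.Verify(password, storedHash ?? DummyHash);
        return storedHash != null && matches;
    }
}
```

The caller shows the same generic failure message whether the username or the password was wrong.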

AbeidDEV commented 1 year ago

Last post was, do you want to explain to me that if you get invalid username inputs:

```csharp
if (!reader.Read())
{
    System.Windows.Forms.MessageBox.Show("Error", "Information",
        System.Windows.Forms.MessageBoxButtons.OK, System.Windows.Forms.MessageBoxIcon.Error);
}
else
{
    // reader.Read() above already moved to the first row; a plain while loop here would skip it.
    do
    {
        // Start: this is our question, being able to verify the hashed stored password from storage
        var sqlPassword = reader.GetString(1);

        if (BCrypt.Net.BCrypt.Verify(password, sqlPassword))
        {
            System.Windows.Forms.MessageBox.Show("Hi :D", "Information",
                System.Windows.Forms.MessageBoxButtons.OK, System.Windows.Forms.MessageBoxIcon.Information);
        }
        // End If
        else
        {
            System.Windows.Forms.MessageBox.Show("Error", "Information",
                System.Windows.Forms.MessageBoxButtons.OK, System.Windows.Forms.MessageBoxIcon.Error);
        }
    } while (reader.Read());
}

            return $"{userName}{password}";
        }
```

ABEIDrizik commented 1 year ago

is that sir?