Q: Hash and salt passwords in C#

D: I was just going through one of David Hayden's articles on Hashing User Passwords. Really, I can't get what he is trying to achieve.



```csharp
using System.Security.Cryptography;

// Returns SHA-256 over the plaintext bytes followed by the salt bytes.
public static byte[] GenerateSaltedHash(byte[] plainText, byte[] salt)
{
    var algorithm = new SHA256Managed();
    var plainTextWithSaltBytes = new byte[plainText.Length + salt.Length];
    // Copy the plaintext first, then append the salt.
    for (var i = 0; i < plainText.Length; i++)
    {
        plainTextWithSaltBytes[i] = plainText[i];
    }
    for (var i = 0; i < salt.Length; i++)
    {
        plainTextWithSaltBytes[plainText.Length + i] = salt[i];
    }
    return algorithm.ComputeHash(plainTextWithSaltBytes);
}

// Byte-by-byte equality check; returns at the first mismatch.
public static bool CompareByteArrays(byte[] array1, byte[] array2)
{
    if (array1.Length != array2.Length)
    {
        return false;
    }
    for (int i = 0; i < array1.Length; i++)
    {
        if (array1[i] != array2[i])
        {
            return false;
        }
    }
    return true;
}
```


  1. +1 for your book pimping! ;-)
  2. Nifty LINQ statement refactor for CompareByteArrays `return array1.Length == array2.Length && !array1.Where((t, i) => t != array2[i]).Any();`
  3. Technically, yes, but having a _**unique**_ salt for each user renders Rainbow Tables (generally accepted as the most efficient way to crack hashed passwords) practically useless. [This quick overview](http://crackstation.net/hashing-security.htm) gives an in-depth but not overwhelming overview of how to store passwords securely, and why/how it all works.
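
The per-user salt from the last comment, applied to a create-and-verify flow, as an added example that is not code from the original answer or its commenters. It assumes .NET 6 or later and swaps the single SHA-256 pass for PBKDF2 via `Rfc2898DeriveBytes.Pbkdf2`; the class name, record, sizes and iteration count are hypothetical choices.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; type and member names are hypothetical. Assumes .NET 6 or later.
public static class SaltedPasswordDemo
{
    private const int SaltSize = 16;         // bytes; assumed size
    private const int HashSize = 32;         // bytes; matches SHA-256 output length
    private const int Iterations = 600_000;  // assumed PBKDF2 work factor; tune for your hardware

    // Stored per user. The salt is not secret; it only has to be unique.
    public sealed record PasswordRecord(byte[] Salt, byte[] Hash);

    public static PasswordRecord Create(string password)
    {
        // Fresh random salt for every user and every password change.
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        return new PasswordRecord(salt, Derive(password, salt));
    }

    public static bool Verify(string password, PasswordRecord stored)
    {
        byte[] candidate = Derive(password, stored.Salt);
        // Fixed-time comparison: no early exit on the first differing byte.
        return CryptographicOperations.FixedTimeEquals(candidate, stored.Hash);
    }

    private static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes(password), salt,
            Iterations, HashAlgorithmName.SHA256, HashSize);

    public static void Main()
    {
        // Constructed sample: two users pick the same password.
        PasswordRecord alice = Create("correct horse battery staple");
        PasswordRecord bob = Create("correct horse battery staple");

        // Different salts give different hashes, so one precomputed table cannot cover both.
        Console.WriteLine(Convert.ToHexString(alice.Hash) == Convert.ToHexString(bob.Hash));
        Console.WriteLine(Verify("correct horse battery staple", alice));
        Console.WriteLine(Verify("correct horse battery staple", bob));
        Console.WriteLine(Verify("wrong password", alice));
    }
}
```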
