C
C#•11mo ago
konstantine

BCrypt : EnhancedVerify() doesn't work

Hi ! I'm using BCrypt to hash passwords. The method EnhancedHashPassword() works, but the method EnhancedVerify() doesn't. I have this error during the execution : 
 An unhandled exception has occurred while executing the request.
      BCrypt.Net.SaltParseException: Invalid salt version
 An unhandled exception has occurred while executing the request.
      BCrypt.Net.SaltParseException: Invalid salt version
I'm reading in some old forums that there is a bug in the update of those 2 methods. The hashing one converts in a 2a hashing, whereas the verifying method convets in 2y. Well, this post was 10 years ago. Is still not working ? Did you find a way to work with it ? Thank you Here my code : 
public async Task<ActionResult<User>> PostUser(User user)
{
    var PasswordUserHashed = BCrypt.Net.BCrypt.EnhancedHashPassword(user.PasswordUser, 13);
[...]
}

 [HttpPost("login")]
 public async Task<ActionResult<User>> LoginUser(UserLoginDTO userLoginDTO)
 {
     var userToVerify = await _context.Users.FirstOrDefaultAsync(u => u.EmailUser == userLoginDTO.EmailUser);
     if (BCrypt.Net.BCrypt.EnhancedVerify(userToVerify.PasswordUser, userLoginDTO.PasswordUser, HashType.SHA384))
     {

         return userToVerify;
     }
     return BadRequest();
 } 
public async Task<ActionResult<User>> PostUser(User user)
{
    var PasswordUserHashed = BCrypt.Net.BCrypt.EnhancedHashPassword(user.PasswordUser, 13);
[...]
}

 [HttpPost("login")]
 public async Task<ActionResult<User>> LoginUser(UserLoginDTO userLoginDTO)
 {
     var userToVerify = await _context.Users.FirstOrDefaultAsync(u => u.EmailUser == userLoginDTO.EmailUser);
     if (BCrypt.Net.BCrypt.EnhancedVerify(userToVerify.PasswordUser, userLoginDTO.PasswordUser, HashType.SHA384))
     {

         return userToVerify;
     }
     return BadRequest();
 }
2 Replies
Dev Master
Dev Master•11mo ago
if (BCrypt.Net.BCrypt.Verify(password.Text, passdb)) { // logged in } // not logged in
konstantine
konstantineOP•11mo ago
I also had to change the hashing method too 
EnhancedHashPassword()
EnhancedHashPassword()
-> 
HashPassword()
HashPassword()
. It works, thank you 🙂
Want results from more Discord servers?
Add your server