Secure User Authentication

From GTA Network Wiki




Rework required!

The contents of this page are possibly invalid or incomplete. Please treat the contents of this page with caution!

If you are able to, please modify the page so that it's factually correct.


Introduction

This page explains how to hash passwords before storing them and how to authenticate a user against the stored hash.

What makes user authentication secure?

Every stored password is hashed with a one-way function, so recovering the original password from the stored value is extremely difficult.

To authenticate the user, hash the password the user entered and compare the result with the hash you have stored. If they match, the password is correct.

How can we do that?

Better explained with code!

using System;
using System.Security.Cryptography;
using System.Text;

string stored_password = ""; // Hex SHA-256 hash retrieved from your database
string password = "";        // Password the user entered

string hashed_password = String.Empty;
using (SHA256 crypt = SHA256.Create()) // SHA-256 is a one-way hash, not encryption
{
    // Encode the password as UTF-8 bytes and hash them (one call is enough)
    byte[] crypto = crypt.ComputeHash(Encoding.UTF8.GetBytes(password));

    // Convert each hash byte to two lowercase hex characters
    foreach (byte crypto_byte in crypto)
    {
        hashed_password += crypto_byte.ToString("x2");
    }
}

if (stored_password == hashed_password) {
    // User logged in
}
else {
    // Wrong password
}

User registrations should be handled using the same method.

using System;
using System.Security.Cryptography;
using System.Text;

string password = ""; // Password the user chose at registration

string hashed_password = String.Empty;
using (SHA256 crypt = SHA256.Create()) // SHA-256 is a one-way hash, not encryption
{
    // Encode the password as UTF-8 bytes and hash them (one call is enough)
    byte[] crypto = crypt.ComputeHash(Encoding.UTF8.GetBytes(password));

    // Convert each hash byte to two lowercase hex characters
    foreach (byte crypto_byte in crypto)
    {
        hashed_password += crypto_byte.ToString("x2");
    }
}

// Store hashed_password in the database

And there you have it! That's all there is to it. You have now authenticated your user.