# Guardado de contraseñas

Hash + salt

In [8]:
using System;
using System.Security.Cryptography;
using System.Text;

public class PasswordHasher
{
    // Generar un salt aleatorio
    public static byte[] GenerateSalt(int length = 16)
    {
        var salt = new byte[length];
        using (var rng = RandomNumberGenerator.Create())
        {

            rng.GetBytes(salt);
            return salt;
        }
    }

    // Hash de la contraseña combinando la contraseña y el salt
    public static string HashPassword(string password, byte[] salt)
    {
        using (var sha256 = SHA256.Create())
        {
            // Convertir la contraseña a bytes y concatenar con el salt
            var passwordBytes = Encoding.UTF8.GetBytes(password);
            var saltedPassword = new byte[passwordBytes.Length + salt.Length];

            Buffer.BlockCopy(passwordBytes, 0, saltedPassword, 0, passwordBytes.Length);
            Buffer.BlockCopy(salt, 0, saltedPassword, passwordBytes.Length, salt.Length);

            // Generar el hash
            var hash = sha256.ComputeHash(saltedPassword);
            return BitConverter.ToString(hash).Replace("-", "").ToLower(); // Convertir a formato hexadecimal
        }
    }
    public static bool VerifyPassword(string enteredPassword, string storedHash, byte[] storedSalt)
    {
        string hashOfEnteredPassword = HashPassword(enteredPassword, storedSalt);
        return hashOfEnteredPassword.Equals(storedHash, StringComparison.OrdinalIgnoreCase);
    }
}

// Generar un salt
byte[] salt = PasswordHasher.GenerateSalt();
Console.WriteLine($"Salt: {BitConverter.ToString(salt).Replace("-", "").ToLower()}");

// Hash de la contraseña
string password = "123abc.";
string hashedPassword = PasswordHasher.HashPassword(password, salt);
Console.WriteLine($"Hash de la contraseña: {hashedPassword}");

string password2 = "123abc.";
Console.WriteLine (PasswordHasher.VerifyPassword(password2, hashedPassword, salt)==true?"Igual":"Diferente"); // True


Salt: a9980de2e25cb82b8ba3a630969a4775
Hash de la contraseña: 25c5c853fdfec720636317990fbfcd5475b61d5b0fab6a442b1c7f3b87dca7b4
Diferente
