Authenticate Xenforo password in C#

nopsai

Member
I need to compare the client password in a C# server.

So, my try is:
Code:
            string salt = "HereIsTheSalt", password = "HereIsThePass";

            SHA256Managed hashstring = new SHA256Managed();

            byte[] bytes = Encoding.UTF8.GetBytes(password + salt);
            byte[] hash = hashstring.ComputeHash(bytes);
          
            string hashPassword = BitConverter.ToString(hash).Replace("-", "")

But the result it not the same in the xenforo database...

Anyone can help?
 
If this XF installation is XF 1.2.0 or newer then the password is very likely stored in a completely different format to what you're trying to do.

Even so, the exact approach you're taking doesn't even seem to be compatible with the legacy approach (Pre XF 1.2.0).

The password hashing algorithm we use in XF > 1.2 is bcrypt, apparently there's a C# implementation here:
http://bcrypt.codeplex.com/

I know very little about C programming generally, but you will almost certainly need something similar to be able to authenticate an XF password hash.
 
If this XF installation is XF 1.2.0 or newer then the password is very likely stored in a completely different format to what you're trying to do.

Even so, the exact approach you're taking doesn't even seem to be compatible with the legacy approach (Pre XF 1.2.0).

The password hashing algorithm we use in XF > 1.2 is bcrypt, apparently there's a C# implementation here:
http://bcrypt.codeplex.com/

I know very little about C programming generally, but you will almost certainly need something similar to be able to authenticate an XF password hash.

BCrypt.Net has solved the problem.

Thank you. ;)
 
Back
Top Bottom