Authenticate Xenforo password in C#

nopsai · Jul 18, 2017

I need to compare the client password in a C# server.

So, my try is:

Code:

            string salt = "HereIsTheSalt", password = "HereIsThePass";

            SHA256Managed hashstring = new SHA256Managed();

            byte[] bytes = Encoding.UTF8.GetBytes(password + salt);
            byte[] hash = hashstring.ComputeHash(bytes);
          
            string hashPassword = BitConverter.ToString(hash).Replace("-", "")

But the result it not the same in the xenforo database...

Anyone can help?

Chris D · Jul 18, 2017

If this XF installation is XF 1.2.0 or newer then the password is very likely stored in a completely different format to what you're trying to do.

Even so, the exact approach you're taking doesn't even seem to be compatible with the legacy approach (Pre XF 1.2.0).

The password hashing algorithm we use in XF > 1.2 is bcrypt, apparently there's a C# implementation here:
http://bcrypt.codeplex.com/

I know very little about C programming generally, but you will almost certainly need something similar to be able to authenticate an XF password hash.

nopsai · Jul 18, 2017

Chris D said:
If this XF installation is XF 1.2.0 or newer then the password is very likely stored in a completely different format to what you're trying to do.

Even so, the exact approach you're taking doesn't even seem to be compatible with the legacy approach (Pre XF 1.2.0).

The password hashing algorithm we use in XF > 1.2 is bcrypt, apparently there's a C# implementation here:
http://bcrypt.codeplex.com/

I know very little about C programming generally, but you will almost certainly need something similar to be able to authenticate an XF password hash.

BCrypt.Net has solved the problem.

Thank you.

Authenticate Xenforo password in C#

nopsai

Member

Chris D

XenForo developer

nopsai

Member

Similar threads

We value your privacy