Please note that as of October 24, 2014, the Nokia Developer Wiki will no longer be accepting user contributions, including new entries, edits and comments, as we begin transitioning to our new home, in the Windows Phone Development Wiki. We plan to move over the majority of the existing entries. Thanks for all your past and future contributions.

How to store a password hash on Windows Phone

From Wiki
Jump to: navigation, search

This tip shows how to store a password hash value and use it for authentication of entered passwords. This is more secure than storing the password itself.

Applications that use login authentication should not store the application password directly, because the app's data may not be secure on the phone or backed up to a server/desktop. We've seen many successful attempts to acquire password lists by SQL injection break-ins, for example.

A better approach is to calculate a hash value for the password using a one-way function, and store this instead. This is compared to the hash values of user entered passwords afterwards in order to grant access to the application. Because it is calculated using a one-way function (that is very simple to calculate but very expensive to revert), even if a hacker can get the hash value they cannot use it to determine the password and access the app.

The ComputeHash function in the System.Security.Cryptography.SHA256Managed class uses a SHA 256-bit algorithm to compute the hash value. The GetHashCode() function below creates a hash of a string using SHA256Managed. It can be used to calculate both the hash value of the entered password to store, and the hash of password values entered by the user for comparison.

public static string GetHashCode(string p)
var a = new SHA256Managed();
return Convert.ToBase64String(a.ComputeHash(new System.Text.UTF8Encoding().GetBytes(p)));
WP Metro Icon File.png
SignpostIcon XAML 40.png
WP Metro Icon WP8.png
SignpostIcon WP7 70px.png
Article Metadata
Created: influencer (24 Sep 2012)
Last edited: vineet.jain (30 Jul 2013)

Version Hint

Windows Phone: [[Category:Windows Phone]]
[[Category:Windows Phone 7.5]]
[[Category:Windows Phone 8]]

Nokia Asha: [[Category:Nokia Asha]]
[[Category:Nokia Asha Platform 1.0]]

Series 40: [[Category:Series 40]]
[[Category:Series 40 1st Edition]] [[Category:Series 40 2nd Edition]]
[[Category:Series 40 3rd Edition (initial release)]] [[Category:Series 40 3rd Edition FP1]] [[Category:Series 40 3rd Edition FP2]]
[[Category:Series 40 5th Edition (initial release)]] [[Category:Series 40 5th Edition FP1]]
[[Category:Series 40 6th Edition (initial release)]] [[Category:Series 40 6th Edition FP1]] [[Category:Series 40 Developer Platform 1.0]] [[Category:Series 40 Developer Platform 1.1]] [[Category:Series 40 Developer Platform 2.0]]

Symbian: [[Category:Symbian]]
[[Category:S60 1st Edition]] [[Category:S60 2nd Edition (initial release)]] [[Category:S60 2nd Edition FP1]] [[Category:S60 2nd Edition FP2]] [[Category:S60 2nd Edition FP3]]
[[Category:S60 3rd Edition (initial release)]] [[Category:S60 3rd Edition FP1]] [[Category:S60 3rd Edition FP2]]
[[Category:S60 5th Edition]]
[[Category:Symbian^3]] [[Category:Symbian Anna]] [[Category:Nokia Belle]]

This page was last modified on 30 July 2013, at 11:05.
80 page views in the last 30 days.