I need a replacement for this that I can store in the database as a UTF-8 string.
With this method I got an error at insert, I guess because it is just a byte sequence.
Public Function Hash(value As String) As String
  Dim hashValue As String
  hashValue = Crypto.PBKDF2(kSalt, value, 128, 32, Crypto.Algorithm.SHA512)
  Return hashValue
End Function
Is that really a constant for the salt? Because it shouldn’t be; you should generate random bytes for each new entry and store them next to the hash.
Just a note about why this is important. (Not so much for you Markus, but for others who find this thread later.)
Let’s say I wanted to attack your app and database and was able to obtain a copy of both. My first step would be to decompile the app to learn the salt and other hash settings. If the salt is the same for every record, my job becomes much easier. I don’t have to try to brute-force every record, I’d “just”* have to create a table of hashes using those settings, then match up records where I could. I’d also see where two users used identical passwords because the hash is the same.
(* “just” because this is still CPU-intensive.)
When the salt is different for every record, I can gain no information and would have to attack each record individually, making my job significantly less attractive.
Nothing provides absolute security, of course, so it’s all about increasing the level of difficulty to the point where a bad actor would give up.
(For even more security, check out the Security Through Obesity scheme.)
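An added example, not part of any post in this thread and written in Python rather than Xojo: it hex-encodes the PBKDF2 output so the record is plain text that a UTF-8 column accepts, and it stores a fresh random salt beside each hash as the replies recommend. The iteration count, output length and SHA-512 mirror the call in the question; the 16-byte salt, the `iterations$salt$hash` record layout and the function names are assumptions of this example.

```python
import hashlib
import hmac
import os

# Parameters mirror the call in the question (128 iterations, 32-byte output,
# SHA-512). SALT_LEN and the record layout are assumptions of this example.
ITERATIONS = 128
KEY_LEN = 32
SALT_LEN = 16


def hash_password(password, salt=None):
    """Return 'iterations$salt_hex$hash_hex': ASCII text, safe for a UTF-8 column."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt for every record
    derived = hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), salt, ITERATIONS, KEY_LEN)
    return "%d$%s$%s" % (ITERATIONS, salt.hex(), derived.hex())


def verify_password(password, stored):
    """Re-derive using the salt and iteration count kept inside the record."""
    try:
        iterations_text, salt_hex, hash_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        derived = hashlib.pbkdf2_hmac(
            "sha512", password.encode("utf-8"), salt,
            int(iterations_text), len(expected))
    except ValueError:
        return False  # malformed or truncated record
    # Constant-time comparison of the raw digests.
    return hmac.compare_digest(derived, expected)


def demo():
    """Constructed sample: two users who picked the same password."""
    fixed = b"constant-salt"  # stands in for a salt compiled into the app
    same_with_constant_salt = (
        hash_password("hunter2", fixed) == hash_password("hunter2", fixed))
    same_with_random_salt = hash_password("hunter2") == hash_password("hunter2")
    return same_with_constant_salt, same_with_random_salt


if __name__ == "__main__":
    print(demo())
```

With the constant salt the two stored records are identical, which is the information leak described above; with per-record salts they differ while `verify_password` still accepts the right password for each.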