Hello all,
I'm trying to store salted hashed passwords in a user.tps file. On a NT Form, I have fields for user name, password and salt. In the Validate embed for the password and salt fields I have the following:
If Usr:Password <> p_web.GSV('PW')
st.setvalue(clip(Usr:Salt)&Clip(Usr:Password))
Crypto.MakeHash(st, cs:CALG_SHA_256)
Usr:Password = st.GetValue()
END
The condition is to see if the values have changed. I find that when I save after an insert, and try to log in, this does not work. If I go back in and enter the same password again and save, then login a second time, it does work. It seems my hashed value is not correct on the first attempt. I have tried many other embeds but get the same behavior. By the way, I also set the following in the GenerateForm, 2 Start embed:
p_web.SSV('PW', Clip(Usr:Password))
p_web.SSV('SALT', Clip(Usr:Salt))
Again, this is to check if the password or hash was changed during editing. I'm not sure my code/logic is correct here. Can anyone suggest where I'm going wrong?
Thanks,
Jeff King
Topic: storing salted hash passwords (NT 12.19) (Read 8130 times)