We introduced password encryption to our site. The salt is calculated as shown below:
using System.Security.Cryptography;

// Salt derived from the lower-cased username with PBKDF2 (Rfc2898DeriveBytes), keyed by a site-wide secret.
// Note: Encoding.Default depends on the platform's code page, so the secret bytes can differ between machines.
Rfc2898DeriveBytes hasher = new Rfc2898DeriveBytes(Username.ToLowerInvariant(),
    System.Text.Encoding.Default.GetBytes("Wn.,G38uI{~6y8G-FA4);UD~7u75%6"), 10000);
string salt = Convert.ToBase64String(hasher.GetBytes(25));
For most usernames the salt is always the same. But for some usernames it changes at every call. Can someone tell me what we are doing wrong?
Assuming you're using RFC2898DeriveBytes to hash the password itself as well, then @CodesInChaos is correct, what you're doing wrong is:
using System.Security.Cryptography;

byte[] salt1 = new byte[8];
using (RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider())
{
    // Fill the array with a cryptographically random value; the salt is not derived from the username.
    rngCsp.GetBytes(salt1);
}
The salt should then be stored in the clear in your database alongside the password hash and iteration count (so you can change it), and probably a version code too (so you can change it again, i.e. your current calculated salt method is version 1, and the random salt is version 2).
If you aren't using RFC2898DeriveBytes, another PBKDF2 implementation, BCrypt, or SCrypt to do the actual password hashing, then that's what you're doing wrong.
Trimming the username some, but not all, of the time is entirely incidental; just make sure not to trim passwords before they're hashed.
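The following is an added example (not code from the question or from the answer above) of the storage layout the answer recommends: a random per-user salt, the iteration count and a version code stored beside the PBKDF2 hash, with verification that still accepts version-1 records (the question's username-derived salt) and returns an upgraded version-2 record on a successful login. Type names, field names, the placeholder legacy secret, the choice of PBKDF2-SHA256 for the stored hash and the assumption that legacy records were hashed with the same call are all assumptions of this example; it targets .NET Core 2.1 / .NET 5 or later for CryptographicOperations.FixedTimeEquals.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Assumed record layout: everything needed to re-run the KDF lives next to the hash.
public sealed class StoredPassword
{
    public int Version;      // 1 = legacy username-derived salt, 2 = random salt
    public int Iterations;   // stored so it can be raised later without breaking old rows
    public byte[] Salt;      // stored in the clear; unused for version 1 (salt is recomputed)
    public byte[] Hash;
}

public static class PasswordStore
{
    const int CurrentVersion = 2;
    const int CurrentIterations = 100000;
    const int SaltBytes = 16;
    const int HashBytes = 32;
    // Placeholder for the site-wide secret the question's version-1 scheme used (assumption).
    const string LegacySecret = "<legacy-site-secret-placeholder>";

    // PBKDF2-SHA256 over the UTF-8 password bytes; the password is never trimmed.
    static byte[] Pbkdf2(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(Encoding.UTF8.GetBytes(password), salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Version 1 (the question's scheme): salt derived deterministically from the lower-cased username.
    static byte[] LegacySalt(string username)
    {
        using (var kdf = new Rfc2898DeriveBytes(username.ToLowerInvariant(), Encoding.UTF8.GetBytes(LegacySecret), 10000, HashAlgorithmName.SHA1))
            return kdf.GetBytes(25);
    }

    // Version 2: fresh random salt per stored password, independent of the username.
    public static StoredPassword Create(string password)
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        return new StoredPassword
        {
            Version = CurrentVersion,
            Iterations = CurrentIterations,
            Salt = salt,
            Hash = Pbkdf2(password, salt, CurrentIterations)
        };
    }

    // Returns true on a match. When a legacy or low-iteration record matches,
    // 'upgraded' carries a version-2 replacement the caller should persist.
    public static bool Verify(string username, string password, StoredPassword stored, out StoredPassword upgraded)
    {
        upgraded = null;
        byte[] salt = stored.Version == 1 ? LegacySalt(username) : stored.Salt;
        byte[] candidate = Pbkdf2(password, salt, stored.Iterations);
        bool ok = CryptographicOperations.FixedTimeEquals(candidate, stored.Hash); // constant-time compare
        if (ok && (stored.Version < CurrentVersion || stored.Iterations < CurrentIterations))
            upgraded = Create(password);
        return ok;
    }

    public static void Main()
    {
        // Constructed sample: a version-2 record, then a verification that should succeed and one that should fail.
        StoredPassword record = Create("correct horse battery staple");
        Console.WriteLine(Verify("Alice", "correct horse battery staple", record, out _)); // True
        Console.WriteLine(Verify("Alice", "wrong password", record, out _));               // False

        // Constructed sample: a version-1 row as the question's code would have produced it.
        var legacy = new StoredPassword { Version = 1, Iterations = 10000, Salt = null };
        legacy.Hash = Pbkdf2("old secret", LegacySalt("Alice"), legacy.Iterations);
        bool ok = Verify("Alice", "old secret", legacy, out StoredPassword replacement);
        Console.WriteLine(ok && replacement != null && replacement.Version == 2);           // True
    }
}
```

Because the salt and iteration count are stored per row, raising the iteration count or changing the salt scheme only requires bumping the version and letting records upgrade as users log in; two users with the same password still get different hashes since their salts are independent random values.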