Creating seeds with data that has hashed passwords and salts

Question

I have a table "admins" , and I want to seed data into it. the table has a password(nvarchar(128)) field and a password_salt(varbinary(1024)) field.

And the model is like this :

public string Password { get; set; }
public byte[] PasswordSalt { get; set; }

when I create a new admin, I create a password hash and a password salt like this :

public Admins Register(Admins admin)
        {
            CreatePasswordHash(admin.Password, out string passwordHash, out Byte[] passwordSalt);
            admin.Password = passwordHash;
            admin.PasswordSalt = passwordSalt;
            //rest of code
        }

private void CreatePasswordHash(string password, out string passwordHash, out Byte[] passwordSalt)
        {
            using (var hmac = new System.Security.Cryptography.HMACSHA512())
            {
                Byte[] buffer = hmac.ComputeHash(Encoding.Unicode.GetBytes(password));
                passwordHash = Encoding.Unicode.GetString(buffer);
                passwordSalt = hmac.Key;
            }
        }

How can I seed such table? what should I put in the password salt field? it's a byte[] and I don't know how to acquire it and put in in my migrationBuilder.InsertData() method.

Answer 1

You could generate a 128-bit salt using a secure RandomNumberGenerator, and use KeyDerivation.Pbkdf2 to hash the passwords, please refer the following sample:

1. Create Admin Class and add the related properties:

    public class Admin
    {
        [Key]
        public int ID { get; set; }
        public string AdminName { get; set; }       
        public string Password { get; set; }
        public byte[] PasswordSalt { get; set; }
    }
   

2. Create ModelBuilderExtensions: add initial data and hash the passwords

    public static class ModelBuilderExtensions
    {
        public static void Seed(this ModelBuilder modelBuilder)
        {
            modelBuilder.Entity<Admin>().HasData(
                CreateAdmin(1,"Dillion", "Password01"),
                CreateAdmin(2,"Tom", "Password02"),
                CreateAdmin(3, "David", "Password03")
            ); 
        }
   
        public static Admin CreateAdmin(int id, string name, string password)
        {
            var admin = new Admin();
   
            byte[] salt = new byte[128 / 8];
            using (var rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(salt);
            }
   
            admin.PasswordSalt = salt;
            //Console.WriteLine($"Salt: {Convert.ToBase64String(salt)}");
   
            // derive a 256-bit subkey (use HMACSHA1 with 10,000 iterations)
            string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
                password: password,
                salt: salt,
                prf: KeyDerivationPrf.HMACSHA1,
                iterationCount: 10000,
                numBytesRequested: 256 / 8));
            admin.Password = hashed;
            admin.AdminName = name;
            admin.ID = id;
            return admin;
        }
    }
   

3. Call the seed() method in the OnModelCreating method:

    public class ApplicationDbContext : DbContext
    { 
        public DbSet<Admin> Admins { get; set; }
        public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : base(options)
        {
        } 
        protected override void OnModelCreating(ModelBuilder modelBuilder)
        {
            modelBuilder.Seed();
        }
   
    }
   

4. Enable migration using the following commands:

    add-migration AddAdmin -context ApplicationDbContext
    update-database -context ApplicationDbContext
   

5. Check the Admin table:

   

More details information, check the following articles:

Hash passwords in ASP.NET Core

Initialize DB with test data in Asp.net core

Applying Seed Data To The Database