ASP.NET MVC 3 app, BCrypt.CheckPassword failing

Question

I\'m working on implementing security in an ASP.NET MVC 3 application, and am using the BCrypt implementation found here to handle encryption and verification of passwords.

Answer 1

Forgive me if I'm missing something, but looking at your hash and your model you don't seem to store the salt anywhere, instead you use a new salt each time.

So when the password is set you must store both the hash and the salt; when you want to check an entered password you retrieve the salt, compute the hash using it, then compare against the stored one.