Как правильно использовать соленые и хэшированные пароли

---

I'm having difficulties login in a page i've written using a salt-hashed password. Actually the code generates a 32-byte random salt taht it adds to the text inputed as password. then the hash of this is computed and stored in a table. However when one has to login, the text he inputs as password is salted with the same salt then hashed with the same hash function. if a match is detetcted then login is granted else, login is refused. I have difficulties implementing that.

Help please . my code below

Что я уже пробовал:

con.Open();
string salt = SaltF(32);
string Md = @"select Username, SH from SecureUser where Username= @usrn and SH= @sh";

SqlParameter usrname = new SqlParameter();
usrname.ParameterName = "@usrn";
usrname.Value = comboBox1.Text;
SqlParameter Sha = new SqlParameter();
Sha.ParameterName = "@sh";
Sha.Value = SaltHashF(salt, textBox2.Text);

SqlCommand cmdLd = new SqlCommand(Md, con);
cmdLd.Parameters.Add(usrname);
cmdLd.Parameters.Add(Sha);

SqlDataReader dr;
int K = 0;
dr = cmdLd.ExecuteReader();
while(dr.Read())
{
    K++;
}

if (K==1)
{
    con.Close();
    MessageBox.Show("Login Successful", " ", MessageBoxButtons.OK, MessageBoxIcon.Information);
    textBox2.Clear();
    ChangePasswordPlatform cpp = new ChangePasswordPlatform();
    cpp.Tag = this;
    cpp.Show(this);
    Hide();
}
else
{
    MessageBox.Show("Invalid username or password", " ", MessageBoxButtons.OK, MessageBoxIcon.Warning);
    textBox2.Clear();
}

private static string SaltF(int size) { using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider()) { byte[] bytes = new byte[size]; rng.GetBytes(bytes); return Convert.ToBase64String(bytes); } } private static string SaltHashF(string salt, string pwd) { string PwdAndSalt = string.Concat(salt, pwd); string PwdSaltHash = Hash256F(PwdAndSalt); return PwdSaltHash; } 

---