I am implementing authentication/user registration functionality with ASP.NET MVC 4.5, but I can't find anywhere a more correct way to work with passwords in the database. I don't want to simply generate an MD5 and write it to the database.
Is there no standard ASP.NET class that allows me to generate a hash or verify a password against an existing hash (Generate / Verify), as exists in PHP frameworks, for example?
I wouldn't recommend that example you linked. It doesn't do "key stretching", and comparing the MAC with `==` is vulnerable to timing attacks.
– hugomg
It’s just an example of what you can do. The idea is to give ideas.
– Leonel Sanches da Silva
Is there any method that generates an always-random, non-reversible hash, that allows validation (password / hash), and that always generates a string of a single size?
– Rafael Alexandre
Yes, all of the SHA-2 family, for example.
– Leonel Sanches da Silva
If it is only to give an idea, I prefer to give the idea of taking advantage of a ready-made library, such as bcrypt :) When it comes to cryptography, it is very easy to make shit when trying to program things yourself.
– hugomg
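
The points raised in the comments above (key stretching, and a constant-time comparison instead of `==`), as an added example that is not from the original thread: a Generate/Verify pair built on the framework's PBKDF2 class `Rfc2898DeriveBytes`, not on bcrypt. The class name `PasswordHasher`, the `iterations.salt.key` storage format and the iteration count are assumptions made for this example.

```csharp
using System;
using System.Security.Cryptography;

// Added example: names, storage format and parameters are assumptions.
public static class PasswordHasher
{
    private const int SaltSize = 16;        // bytes of random salt per password
    private const int KeySize = 32;         // bytes of derived key that get stored
    private const int Iterations = 100000;  // key-stretching work factor (assumed; tune per hardware)

    // Returns "iterations.salt.key" with Base64 fields. The random salt makes the
    // result differ on every call; fixed sizes keep the string length constant.
    public static string Generate(string password)
    {
        var salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        // This three-argument constructor runs PBKDF2 with HMAC-SHA1.
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return Iterations + "." + Convert.ToBase64String(salt) + "." +
                   Convert.ToBase64String(kdf.GetBytes(KeySize));
    }

    // Re-derives the key with the stored salt and iteration count, then compares.
    public static bool Verify(string password, string stored)
    {
        var parts = (stored ?? "").Split('.');
        int iterations;
        if (parts.Length != 3 || !int.TryParse(parts[0], out iterations) || iterations < 1)
            return false;
        byte[] salt, expected;
        try
        {
            salt = Convert.FromBase64String(parts[1]);
            expected = Convert.FromBase64String(parts[2]);
        }
        catch (FormatException) { return false; }   // malformed record: reject
        if (salt.Length < 8 || expected.Length == 0) return false;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations))
            return FixedTimeEquals(kdf.GetBytes(expected.Length), expected);
    }

    // Touches every byte regardless of where the first mismatch is, unlike ==.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Storing the iteration count inside each record lets the work factor be raised later without invalidating hashes already in the database.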