How to generate a hash for the user password with ASP.NET MVC and . NET 4.5

Asked

Viewed 887 times

1

I am implementing an authentication/user registration functionality with ASP.NET MVC 4.5, but I can’t find anywhere a more correct way to work with passwords in the database, I don’t want to simply generate an MD5 and write to the database.

Is there no standard ASP.NET class that allows me to generate a hash or verify a password with an existing hash? (Generate / Verify) as it exists in PHP frameworks, for example.

1 answer

1

  • i wouldn’t recommend that example you linked. It doesn’t do "key stretching" and compare the MAC with == is vulnerable to Attacks timing.

  • It’s just an example of what you can do. The idea is to give ideas.

  • Is there any method that generates an always random hash, not reversible, and that there may be validation (password / hash) and that always generates a single-sized string?

  • Yes, all of the SHA-2 family, for example.

  • 2

    If it is to give only idea, I prefer to give the idea of taking advantage of a ready library, as bcrypt :) When it comes to cryptography, it is very easy to make shit when trying to program things yourself.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.