1
I am implementing an authentication/user registration functionality with ASP.NET MVC 4.5, but I can’t find anywhere a more correct way to work with passwords in the database, I don’t want to simply generate an MD5 and write to the database.
Is there no standard ASP.NET class that allows me to generate a hash or verify a password with an existing hash? (Generate / Verify) as it exists in PHP frameworks, for example.
1
There are several. A Nuget search on Bcrypt brings a variety of them.
The ASP.NET Identity password algorithm is here.
You can still use the algorithm of your preference. Here’s an example with SHA1.
The choice of what to use depends on your need. If it’s reversible, if it’s fast, if it’s too hard to break, and so on.
The namespace System.Security.Cryptography also has many options that you can use.
Browser other questions tagged c# asp.net-mvc
You are not signed in. Login or sign up in order to post.
i wouldn’t recommend that example you linked. It doesn’t do "key stretching" and compare the MAC with
==is vulnerable to Attacks timing.– hugomg
It’s just an example of what you can do. The idea is to give ideas.
– Leonel Sanches da Silva
Is there any method that generates an always random hash, not reversible, and that there may be validation (password / hash) and that always generates a single-sized string?
– Rafael Alexandre
Yes, all of the SHA-2 family, for example.
– Leonel Sanches da Silva
If it is to give only idea, I prefer to give the idea of taking advantage of a ready library, as bcrypt :) When it comes to cryptography, it is very easy to make shit when trying to program things yourself.
– hugomg