Password Encryption in ASP.NET MVC 3

Question

Password Encryption in ASP.NET MVC 3

I am trying to create a custom membership system in ASP.NET MVC3 .

I know that there are many free open source providers, but I do this to find out more. My question is password encryption.

What algorithm do you propose to use: SHA1 , SHA256 , MD5 , BCrypt or something else? Also, how do you suggest creating a password salt?

+1

security passwords asp.net-mvc-3 c # -4.0 salt

king.net Feb 17 '12 at 17:46

source share

2 answers

Most of these algorithms are hashing algorithms, they do not encrypt, they create a hash (checksum), and usually this is the best way to store passwords unless you have a really good reason to recover passwords (and I don’t think there are many reasons).

I typically use sha256. As for salt, random enough 6 or more characters. But salt can be anything; it depends on your imagination how to generate it.

+1

Mikesw Feb 17 '12 at 18:07

source share

Darin Dimitrov · Accepted Answer · 2012-02-17T18:07:50+0000

BCrypt if you need a really strong hash. As for salt creation, you can use the RNGCryptoServiceProvider class. Here's an article you can check out. Just replace the SHA1 algorithm used there with BCrypt.

Password Encryption in ASP.NET MVC 3

More articles: