Using GetHashCode to "Protect" User Passwords

Question

Using GetHashCode to "Protect" User Passwords

The company I work for took on a contract to support a large order processing system. As part of the initial system audit, I noticed that the passwords stored in the database are actually a password hash.

Essentially:

string pwd = "some pasword";
string securePwd = pwd.GetHashCode();

My question is: is it safe or not?

I don’t like it, but I don’t know how GetHashCode works. I would rather use something like an MD5 hash, but if I spend my time, I will not worry.

+3

security c # .net cryptography

ilivewithian Mar 04 '09 at 10:51

source share

6 answers

, SHA256Managed.

Jeff Attwood :

-

,

+5

Mitch Wheat 04 . '09 10:55

, :

http://netrsc.blogspot.com/2008/08/gethashcode-differs-on-systems.html

, GetHashValue , .

, .

+5

stusmith 04 . '09 10:58

BCrypt. , GetHashCode .

+2

Quibblesome 04 . '09 11:37

GetHashCode , - . , . .NET, , , .

MD5 . - Security.Cryptography.

+1

jamiei 04 . '09 10:59

, GetHashCode , . , .

, , bcrypt, , , Stanford. . , , .

+1

RoadWarrior 04 . '09 11:21

Mehrdad Afshari · Accepted Answer · 2009-03-04T10:54:19+0000

GetHashCode 32- -. , - , , .

SHA256 , .

-. "" , . - bcrypt, scrypt, PBKDF2, .

Using GetHashCode to "Protect" User Passwords

More articles: