Hi all.

What is the default hash algorithm that ASP.NET membership uses? And how can I change it?

Thanks.

+7  A: 
Ryan Christensen
I think a part of the code is missing in the example.
marco.ragogna
+4  A: 

The default hash algorithm type is SHA1. There are two ways that you can change this.

1) If you are working with IIS 7 you can update this using the "Machine Key" configuration (shown below). This allows you to choose the encryption method from a list of available options and specify the keys or the key generation options.

Machine Key configuration page from IIS 7 administration tool

2) If you are working with IIS 6 you can change the hash algorithm type using the membership element in the web.config file:

<membership
    defaultProvider="provider name"
    userIsOnlineTimeWindow="number of minutes"
    hashAlgorithmType="SHA1">
    <providers>...</providers>
</membership>

According to the documentation the string value of the hashAlgorithmType attribute can be any of the provided .NET hashing algorithm types. A bit of digging shows that the valid values for ASP.NET 2, 3 and 3.5 are MD5, RIPEMD160, SHA1, SHA256, SHA384, SHA512. The important part here is that all these classes inherit from HashAlgorithm.

The value of the hashAlgorithmType attribute can also be an entry from the cryptoNameMapping element in the machine.config file. You could use this if you require a 3rd party hashing algorithm. The machine.config file can typically be found in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG if you are using ASP.NET 2 or later. You can read more about setting these values here.

MikeD
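
An added example, not part of the answers above and not Microsoft's code: a console program for the .NET Framework that resolves each hashAlgorithmType name listed above through HashAlgorithm.Create and compares the result with a value hashed under SHA1. The stored layout (Base64 of the hash over salt bytes followed by the UTF-16LE password) is an assumption modelled on SqlMembershipProvider with passwordFormat="Hashed"; the class name, password and salt are constructed for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class MembershipHashDemo
{
    // Assumed stored format: Base64( Hash( saltBytes || UTF-16LE(password) ) ).
    static string EncodePassword(string password, string saltBase64, string hashAlgorithmType)
    {
        byte[] salt = Convert.FromBase64String(saltBase64);
        byte[] pass = Encoding.Unicode.GetBytes(password);
        byte[] all = new byte[salt.Length + pass.Length];
        Buffer.BlockCopy(salt, 0, all, 0, salt.Length);
        Buffer.BlockCopy(pass, 0, all, salt.Length, pass.Length);

        // HashAlgorithm.Create resolves the name through CryptoConfig, which is
        // also where cryptoNameMapping entries from machine.config are consulted.
        using (HashAlgorithm alg = HashAlgorithm.Create(hashAlgorithmType))
        {
            if (alg == null)
                throw new ArgumentException("Unknown hash algorithm: " + hashAlgorithmType);
            return Convert.ToBase64String(alg.ComputeHash(all));
        }
    }

    static void Main()
    {
        // Constructed sample values, not taken from any real membership database.
        string password = "Correct-Horse-1";
        byte[] saltBytes = new byte[16];
        new RNGCryptoServiceProvider().GetBytes(saltBytes);
        string salt = Convert.ToBase64String(saltBytes);

        // A value written while hashAlgorithmType="SHA1" was configured.
        string stored = EncodePassword(password, salt, "SHA1");

        foreach (string name in new string[] { "MD5", "RIPEMD160", "SHA1", "SHA256", "SHA384", "SHA512" })
        {
            string candidate = EncodePassword(password, salt, name);
            int bits = Convert.FromBase64String(candidate).Length * 8;
            Console.WriteLine("{0,-9} {1,3}-bit digest, matches stored SHA1 value: {2}",
                name, bits, candidate == stored);
        }
    }
}
```

Only the SHA1 line reports a match: under the assumed layout, values hashed with one hashAlgorithmType no longer validate after the setting is changed, so a password reset or re-hash at next login has to be planned alongside the config change.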