ansaurus

Question

Is there a built in function to hash passwords in .NET?

Answer 1

A:

this will probably do it:

http://msdn.microsoft.com/en-us/library/system.security.cryptography.hmacsha1.aspx

there is some sample c# code here:

http://www.obviex.com/samples/hash.aspx

jspcal 2010-01-23 03:27:17

Answer 2

+1 A:

I don't think there's a single function but you can do it in a few lines (here using SHA512, but there are other options):

using (var sha = new SHA512CryptoServiceProvider())
{
    byte[] hashed = sha.ComputeHash(Encoding.Default.GetBytes(saltedPassword));
    string output = Convert.ToBase64String(hashed);
}

Make sure you use one of the Crypto... classes to ensure the more secure algorithm is used.

John Bowen 2010-01-23 03:34:01

Very bad plan. A hash without a salt is subject to a rainbow table attack. Your use of the crypto classes was good but you must include a salt to make this answer useful. Also, the last line should use `Convert.ToBase64String`, which is as fast as `BitConverter.ToString` and produces a much shorter string (88 bytes vs 192 bytes in this case). If these two problems are corrected this could become the best answer, IMHO.

Ray Burns 2010-01-23 04:33:17

Thank you for the clarification. Yes, obviously the password should be salted before hashing which I was intending here but I see where the confusion came from. I'll update to be more explicit. Thanks for mentioning the Base64String conversion too.

John Bowen 2010-01-23 14:59:51

Answer 3

+3 A:

Check out FormsAuthentication.HashPasswordForStoringInConfigFile

string hashMD5 = FormsAuthentication.HashPasswordForStoringInConfigFile(Pass + Salt, "MD5");

string hashSHA1 = FormsAuthentication.HashPasswordForStoringInConfigFile(Pass + Salt, "SHA1");

Baddie 2010-01-23 03:47:07

ansaurus

tags:

views:

answers:

Is there a built in function to hash passwords in .NET?

related questions