hash password in SQL Server (asp.net)

Question

Is this how hashed password stored in SQL Server should look like?

This is function I use to hash password (I found it in some tutorial)

public string EncryptPassword(string password)
{
    //we use codepage 1252 because that is what sql server uses
    byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password);
    byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes);
    return Encoding.GetEncoding(1252).GetString(hashBytes);
}

EDIT I tried to use sha-1 and now strings seem to look like as they are suppose to:

public string EncryptPassword(string password)
{
    return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1");
}

// example output: 39A43BDB7827112409EFED3473F804E9E01DB4A8

Result from the image above looks like broken string, but this sha-1 looks normal....

Will this be secure enough?

Answer 1

Your're close, but not quite there.

For a secure hash, you will need a salt value in another column. Second, try to stay away from MD5 as a hashing provider. It's not as secure as SHA-1 or SHA-2. SHA-1 is included in .NET just like MD5 is.