Is this what a hashed password stored in SQL Server should look like?

alt text

This is the function I use to hash the password (I found it in some tutorial):

public string EncryptPassword(string password)
{
    //we use codepage 1252 because that is what sql server uses
    byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password);
    byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes);
    return Encoding.GetEncoding(1252).GetString(hashBytes);
}

EDIT: I tried to use SHA-1 and now the strings seem to look as they are supposed to:

public string EncryptPassword(string password)
{
    return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1");
}

// example output: 39A43BDB7827112409EFED3473F804E9E01DB4A8

The result from the image above looks like a broken string, but this SHA-1 looks normal...

Will this be secure enough?

+2  A: 

You're close, but not quite there.

For a secure hash, you will need a salt value in another column. Second, try to stay away from MD5 as a hashing provider. It's not as secure as SHA-1 or SHA-2. SHA-1 is included in .NET just like MD5 is.

Dave Markle
So, you're saying that this kind of entry looks ok?
ile
I edited my question, could you please take a look?
ile
Your sha1 sample looks normal but you should do as Dave says and throw in a salt value as well.
Chris W
Check out http://stackoverflow.com/questions/1300890/md5-hash-with-salt-for-keeping-password-in-db-in-c
Dave Markle
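
An added example, not code from the question or its answer: one way to keep a per-user salt in its own column as the answer suggests, with salt and hash both Base64-encoded so they stay printable text, unlike the code page 1252 decoding of raw hash bytes in the question. It goes beyond the answer by using PBKDF2 (`Rfc2898DeriveBytes`) with SHA-256 instead of a single SHA-1 pass; the class name, sizes and iteration count are assumptions, and the four-argument constructor assumes .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Security.Cryptography;

public static class PasswordHasher   // hypothetical class name
{
    private const int SaltSize = 16;        // bytes; assumed value
    private const int HashSize = 32;        // bytes; matches SHA-256 output length
    private const int Iterations = 100000;  // assumed work factor; tune for your hardware

    // Produces the two strings to store: one for the salt column, one for the hash column.
    public static void Hash(string password, out string saltB64, out string hashB64)
    {
        byte[] salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);             // fresh random salt for every user
        saltB64 = Convert.ToBase64String(salt);
        hashB64 = Convert.ToBase64String(Derive(password, salt));
    }

    // Recomputes the hash from the stored salt and compares it with the stored hash.
    public static bool Verify(string password, string saltB64, string hashB64)
    {
        byte[] expected = Convert.FromBase64String(hashB64);
        byte[] actual = Derive(password, Convert.FromBase64String(saltB64));
        // Accumulate differences instead of returning at the first mismatching byte.
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
            diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashSize);
    }

    public static void Main()
    {
        string salt, hash;
        Hash("correct horse", out salt, out hash);   // constructed sample password
        Console.WriteLine("salt column: " + salt);
        Console.WriteLine("hash column: " + hash);
        Console.WriteLine("right password accepted: " + Verify("correct horse", salt, hash));
        Console.WriteLine("wrong password accepted: " + Verify("wrong guess", salt, hash));
    }
}
```

With these sizes the salt column holds 24 characters and the hash column 44, so fixed-width `char` columns of those lengths are enough.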