I have read that when hashing a password, many recommend using the BCrypt algorithm. I am programming in C# and am wondering if anyone knows of a good and correct implementation. Found this page here, with one, but I don't really know if it is bogus or not. Although, to a non-crypto expert, the code looks kind of impressive and complex :p
I found this page that has code implementing the Blowfish password protection. Take a look.
Svish,
I'm not a cryptography expert either, but I have analyzed a few hashing algorithms in the past and this one, at least with a quick look, seems to use some of the same methodologies as other algorithms.
I also built and ran the code in Snippet Compiler and performed a couple of tests, both of which returned the correct, expected result.
As I was working through this I recalled why I was looking into hash algs in the past in the first place: One day, years ago, I was reading MSDN documentation on MD5 and noticed somewhere in the text that the algorithm was not guaranteed to remain the same between releases. This meant that a 1.1 MD5 hash might return a different result than a 2.0 MD5 hash. I'm not sure if that is indeed the case, but the disclosure was there. Since I was writing an app that was expected to stand the test of time, this disclosure scared the heck out of me and I set out to implement my own hashing algorithm which would build with my assemblies and never change.
To summarize that long-winded paragraph: You might be better off in the long run writing your own hash alg rather than depending on MS's whims.
btw. After further examination of the code, the only reason that the System.Security.Cryptography namespace is used is for random number generation. There is no dependency on existing hash algorithms.