I'm starting with Adventure Works LT database for SQL Server 2008 and I want to authenticate users with information in SalesLT.Customer table.
There are PasswordHash and PasswordSalt values which are great for securely storing password but is there any documentation with information about what passwords where used initialy and how to write code to genereate new salt values and hash from it when I will be creating new Customer in my application?
I know the theory behind salted hashed passwords but I'm missing documentation about:
1) How the salt is generated (what kind of crypto graphic generator was used) 2) How the salt is stored in DB (looks like it is Base64 value of original salt) 3) How passwords are salted (by appending salt to them?) 4) What hash function is used in PasswordHash (SHA1, SHA256?)