locked
password format--) RRS feed

  • Question

  • User2045233432 posted

    I created change password page i want the password to be hashed not encrypted for more secure website

    which algorithm format i should use ?

    I prefer AES but does asp.net developed it ?

    or only limited formatted accepted ?

    please tell me which format is strong and developed by asp developers

    Thanks

    Thursday, July 31, 2014 3:34 PM

Answers

  • User-821857111 posted

    The the Crypto class HashPassword method. Don't try writing your own.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, July 31, 2014 3:45 PM
  • User281315223 posted

    I agree with Mike.

    In general when it comes to security-related topics like hashing, it's probably been done before and there are libraries out there (like the Crypto one) that should be used to handling those operations. Security is one of those areas that is worth using someone else's well tested and proven code instead of venturing out on your own.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, July 31, 2014 4:02 PM
  • User-821857111 posted

    As I said, use the HashPassword method. The only other method you should need is the VerifyHashedPassword method.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, July 31, 2014 4:53 PM
  • User281315223 posted

    Both SHA1 and SHA256 are "strong" as it's rather implied (SHA stands for Secure Hash Algorithm) and both are commonly used hash algorithms. SHA1 is typically an 160-bit hash function whereas SHA256 is going to be 256-bit and thus stronger.

    Additionally, SHA1 was found to have a security flaw and hasn't really been recommended for common use for quite some time. Your best bet would probably be to use the aforementioned Crypto library with something like SHA256 (or higher).

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, July 31, 2014 4:55 PM
  • User-821857111 posted

    I have question is the crypto class already developed ?

    Yes - it is part of the ASP.NET Web Pages framework. You can find it in C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v2.0\Assemblies. Add a reference in your project to System.Web.Helpers.dll.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, July 31, 2014 5:27 PM

All replies

  • User-821857111 posted

    The the Crypto class HashPassword method. Don't try writing your own.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, July 31, 2014 3:45 PM
  • User281315223 posted

    I agree with Mike.

    In general when it comes to security-related topics like hashing, it's probably been done before and there are libraries out there (like the Crypto one) that should be used to handling those operations. Security is one of those areas that is worth using someone else's well tested and proven code instead of venturing out on your own.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, July 31, 2014 4:02 PM
  • User2045233432 posted

    there are 3 types which one is strong ?

    SHA1, SHA256 or hashpassword?

    Thursday, July 31, 2014 4:37 PM
  • User-821857111 posted

    As I said, use the HashPassword method. The only other method you should need is the VerifyHashedPassword method.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, July 31, 2014 4:53 PM
  • User2045233432 posted

    I have question is the crypto class already developed ?

    because when i put the below class , it gives me errors

    https://github.com/mono/aspnetwebstack/blob/master/src/System.Web.Helpers/Crypto.cs

    :(

    Thursday, July 31, 2014 4:55 PM
  • User281315223 posted

    Both SHA1 and SHA256 are "strong" as it's rather implied (SHA stands for Secure Hash Algorithm) and both are commonly used hash algorithms. SHA1 is typically an 160-bit hash function whereas SHA256 is going to be 256-bit and thus stronger.

    Additionally, SHA1 was found to have a security flaw and hasn't really been recommended for common use for quite some time. Your best bet would probably be to use the aforementioned Crypto library with something like SHA256 (or higher).

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, July 31, 2014 4:55 PM
  • User-821857111 posted

    I have question is the crypto class already developed ?

    Yes - it is part of the ASP.NET Web Pages framework. You can find it in C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v2.0\Assemblies. Add a reference in your project to System.Web.Helpers.dll.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, July 31, 2014 5:27 PM
  • User2045233432 posted

    i have added it but it still error under dll word 

    Thursday, July 31, 2014 5:57 PM
  • User-821857111 posted
    What's the error?
    Friday, August 1, 2014 12:59 AM
  • User2045233432 posted

    adding the reference i face a red line under dll word

    Friday, August 1, 2014 12:15 PM
  • User-821857111 posted

    How are you adding a reference?

    Friday, August 1, 2014 2:57 PM
  • User2045233432 posted

    I right click the project then add--refrence -- C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v2.0\Assemblies--then it gives me a folders

    then i choose that library helper.dll

    Friday, August 1, 2014 4:01 PM
  • User-821857111 posted

    If you hover over the red line, what error message do you see?

    Saturday, August 2, 2014 3:21 AM