D
David Rees
The Forms-encryption module includes a handy (if long-winded) hash function:
FormsAuthentication.HashPasswordForStoringInConfigFile
It only supports MD5 and SHA1, but ages ago MD5 was torn apart, and more
recently
(http://it.slashdot.org/article.pl?sid=07/01/20/1936257&threshold=2) they've
broken SHA-1, so obviously we're going to need something a little stronger.
I was thinking SHA-256, but that's too similar to SHA-1.
Fortunately I don't use .HashPasswordForStoringInConfigFile much (I think...
twice in my last application), but I'll need something more beefier. A quick
Reflection of the method shows SHA1 and MD5 support is hard-coded.
What hash functions do you suggest and are easy enough to implement in .NET?
FormsAuthentication.HashPasswordForStoringInConfigFile
It only supports MD5 and SHA1, but ages ago MD5 was torn apart, and more
recently
(http://it.slashdot.org/article.pl?sid=07/01/20/1936257&threshold=2) they've
broken SHA-1, so obviously we're going to need something a little stronger.
I was thinking SHA-256, but that's too similar to SHA-1.
Fortunately I don't use .HashPasswordForStoringInConfigFile much (I think...
twice in my last application), but I'll need something more beefier. A quick
Reflection of the method shows SHA1 and MD5 support is hard-coded.
What hash functions do you suggest and are easy enough to implement in .NET?