Ant

Season Your Hash - Adding Salt

Hashing your passwords is not enough: a number of hash databases store huge numbers of hash values and act as a reverse lookup, revealing your password's true identity.

In my first post on the subject, I explained how to hash passwords for storage in a database. Here is the revised method, which adds "Salt" to your value to protect your password hash from reverse lookup.

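using System;
using System.Security.Cryptography;
using System.Text;

/// <summary>
/// <para>Get a hash value for the string passed</para>
/// </summary>
public static string Hash(string value, bool base64Encode) {
    var service = new MD5CryptoServiceProvider();
    // Append the application-wide salt from settings before hashing
    var bytes = service.ComputeHash(
        Encoding.Default.GetBytes(
            string.Concat(value, Settings.Default.SecurityHashSalt)));

    // Return the hash as Base64 text, or as the raw bytes decoded with the default encoding
    return base64Encode
                ? Convert.ToBase64String(bytes)
                : Encoding.Default.GetString(bytes);
}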

Putting the "Salt" into the .Config of your application does mean that your application hosting must be secure. You could hard-code it into your application, but even then your assembly can be decompiled.

Anyhow, I use a GUID for my salt, adding a few random chars of my own just for good luck.
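
An added example, not code from the original post: it shows a reverse lookup table recovering an unsalted hash, the application-wide salt defeating that lookup, and, going one step beyond the post, a random salt per password so that two users with the same password no longer share a hash. The lookup table, the salt value and all names are constructed for the demonstration, and MD5 is kept only to mirror the post's method.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class SaltDemo
{
    // Hex MD5 of (password + salt); pass an empty salt for the unsalted case.
    static string Md5Hex(string password, string salt)
    {
        using (var md5 = MD5.Create())
            return BitConverter.ToString(
                md5.ComputeHash(Encoding.UTF8.GetBytes(password + salt)));
    }

    // Fresh random salt, generated per password and stored beside its hash.
    static string NewSalt()
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Convert.ToBase64String(bytes);
    }

    public static void Main()
    {
        // Constructed stand-in for a public hash database: hash -> password.
        var lookup = new Dictionary<string, string>();
        foreach (var p in new[] { "password", "letmein", "qwerty" })
            lookup[Md5Hex(p, "")] = p;

        const string appSalt = "constructed-app-wide-salt"; // sample value
        string unsalted = Md5Hex("letmein", "");
        // Two users who picked the same password, hashed with the shared salt.
        string aliceShared = Md5Hex("letmein", appSalt);
        string bobShared = Md5Hex("letmein", appSalt);
        // The same two users, each with their own random salt.
        string alicePerUser = Md5Hex("letmein", NewSalt());
        string bobPerUser = Md5Hex("letmein", NewSalt());

        Console.WriteLine("unsalted found in table:   " + lookup.ContainsKey(unsalted));
        Console.WriteLine("app-salted found in table: " + lookup.ContainsKey(aliceShared));
        Console.WriteLine("shared salt, same hash:    " + (aliceShared == bobShared));
        Console.WriteLine("per-user salt, same hash:  " + (alicePerUser == bobPerUser));
    }
}
```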

	
