2

Is this how a hashed password stored in SQL Server should look?

alt text http://img28.imageshack.us/img28/2545/88871034.gif

This is the function I use to hash the password (I found it in some tutorial):

public string EncryptPassword(string password)
{
    //we use codepage 1252 because that is what sql server uses
    byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password);
    byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes);
    return Encoding.GetEncoding(1252).GetString(hashBytes);
}

EDIT: I tried to use SHA-1 and now the strings seem to look like they are supposed to:

public string EncryptPassword(string password)
{
    return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1");
}

// example output: 39A43BDB7827112409EFED3473F804E9E01DB4A8

The result from the image above looks like a broken string, but this SHA-1 looks normal...

Will this be secure enough?

1 Answer

3

You're close, but not quite there.

For a secure hash, you will need a salt value in another column. Second, try to stay away from MD5 as a hashing provider. It's not as secure as SHA-1 or SHA-2. SHA-1 is included in .NET just like MD5 is.


3 Comments

So, you're saying that this kind of entry looks ok?
Your sha1 sample looks normal but you should do as Dave says and throw in a salt value as well.
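
The salt-in-a-separate-column scheme the answer describes, as an added example (not code from the question or the answer). It assumes .NET 6 or later and uses PBKDF2 with HMAC-SHA-256 rather than a single SHA pass; the class name, constants and iteration count are illustrative choices.

```csharp
using System;
using System.Security.Cryptography;

public static class PasswordStore   // hypothetical helper, not from the page
{
    private const int SaltBytes = 16;        // random, unique per user
    private const int HashBytes = 32;        // SHA-256 output size
    private const int Iterations = 100_000;  // example work factor (assumption)

    // Returns the two values to store, each in its own column.
    // Base64 keeps the raw bytes intact in a varchar column; the first
    // function in the question instead decoded the hash bytes as
    // code page 1252 text, which is why that value looked broken.
    public static (string Salt, string Hash) Create(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return (Convert.ToBase64String(salt), Convert.ToBase64String(hash));
    }

    // Recomputes the hash with the stored salt and compares in constant time.
    public static bool Verify(string password, string storedSalt, string storedHash)
    {
        byte[] salt = Convert.FromBase64String(storedSalt);
        byte[] expected = Convert.FromBase64String(storedHash);
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    public static void Main()
    {
        var a = Create("correct horse");   // constructed sample password
        var b = Create("correct horse");   // same password, second user
        Console.WriteLine($"salt={a.Salt} hash={a.Hash}");
        // Same password, different salts: the stored hashes do not match.
        Console.WriteLine($"hashes equal: {a.Hash == b.Hash}");
        Console.WriteLine($"right password: {Verify("correct horse", a.Salt, a.Hash)}");
        Console.WriteLine($"wrong password: {Verify("wrong guess", a.Salt, a.Hash)}");
    }
}
```

Because each row gets its own salt, two users with the same password end up with different stored hashes, so a precomputed table of unsalted hashes does not match any row.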
