asp.net - Correctly Salting a Hash in .NET -


i implementing new password stored procedure companies current product. asp.net application ms sql server.

before used 3des encryption off same common seed encrypt, , check users authentication decrypted password using same seed.

i implementing sha256 hash, salt can not decrypted.

firstly, understand every salt should different per user, don't understand salt stored? if stored in database, doesn't void purpose?

my idea creating salt taking first 4 letters of username, first 3 letters of first name, , first 3 letters of last name, , converting md5 hash , using salt without storing in database.

this sequence server side no hacker know sequence without source code.

is there issues doing here?

also sha256 acceptable or should looking @ sha512.

thanks

"is there issues doing here?"

yes, there is. obscurity not security. because salt hard find out doesn't mean it's secure. figuring out how created salt piece of cake compared forcing hash.

there no need keep salt secret, create random number each user , store along password. purpose of salt elliminate advantages of using rainbow tables crack passwords in table. salt have different users (preferably unique, that's not crucial).


Comments

Post a Comment

Popular posts from this blog

apache - Remove .php and add trailing slash in url using htaccess not loading css -

i have add following code htaccess file removing .php extension , add trailing slash urls. worked fine reduced page loading speed , css code not loading @ all. pages ugly. please help rewriteengine on rewritebase / ## hide .php extension snippet # externally redirect /dir/foo.php /dir/foo rewritecond %{the_request} ^[a-z]{3,}\s([^.]+)\.php [nc] rewriterule ^ %1/ [r,l] # add trailing slash rewritecond %{request_filename} !-f rewritecond %{request_uri} !/$ rewriterule . %{request_uri}/ [l,r=301] # internally forward /dir/foo /dir/foo.php rewritecond %{request_filename} !-d rewritecond %{request_filename}.php -f rewriterule ^(.*?)/?$ $1.php [l] we can rewrite urls using .htaccess files. before writing in .htaccess files need verify kind of server using. can check server adding a <?php phpinfo(); ?> in php page. ensure mod_rewrite module enabled in apache server. can identified checking phpinfo included page. common methods used url rewriting follows ...
Read more

javascript - jQuery show full size image on click -

pretty self explanatory not workking . i want display full image when user click on image... yes know there tons of plugins but i want keep simple. any idea ? css : .full { display: none; width: 500px; height: 500px; margin-left: 100px; margin-top: -300px; position: fixed; background-color: #f00; z-index: 6; } .thumbnail { width: 50px; height: 50px; } html: <img class="thumbnail" src="http://4.bp.blogspot.com/-uhbdp2esxng/txneptvi92i/aaaaaaaaaky/upfqis7zto0/s1600/rihanna-wallpaper.jpg"> jquery: $(document).ready(function() { $('.thumbnail').on('click', function() { var img = $('<img />',{src:this.src,'class':'full'}); $('.full').html(img).show(); console.log('done!'); }); }); try looking how jquery works. $(document).ready(function() { $('.thumbnail').on('click', function(...
Read more