Best Practices for Hashing and Salting Passwords in .NET
►► Master Web API development Best Practices: https://bit.ly/3TnqoFQ
►► Build great web apps in Blazor WebAssembly: https://bit.ly/437g87T
►► Support us on Patreon and get the source code: / codemaze
In this video, I will show you how to use hashing and salting techniques in C# to safely store user passwords and also mention some best practices while doing so. In a system that stores user credentials, we must pay careful attention to how we store passwords. We must never store passwords in plain text.
That’s why we use hashing.
Hashing a password means applying a one-way encryption algorithm that will produce a cryptographic string. One-way encryption can’t be decrypted, making it impossible to infer the original password from the hashed string.
Now, we have to pay close attention when Choosing a Hashing Algorithm
As more and more computational power becomes available to the general public, hashing algorithms considered secure enough for password storage in the past became insecure. This is due to hackers being able to breach them via brute force. Some examples are the old MD5 and SHA algorithms. We must never use these for password hashing.
On the other hand, there are a few other hashing algorithms that are safe:
PBKDF2 (Password-Based Key Derivation Function 2)
BCrypt/SCrypt or
Argon2
In this video, I will use the PBKDF2 algorithm as it is available natively in the .NET framework. Unlike MD5 or SHA, this one enhances password protection to brute-force by adding extra complexity.
FOLLOW US ON SOCIAL MEDIA!
►► / marinko-spasojevic
►► / codemazeblog
►► / codemazeblog
