Hash password in SQL Server (asp.net)

Question

Hash password in SQL Server (asp.net)

Is this how a hashed password stored in SQL Server should look like?

alt text http://img28.imageshack.us/img28/2545/88871034.gif

This is the function I am using for hash password (I found it in some tutorial)

public string EncryptPassword(string password)
{
    //we use codepage 1252 because that is what sql server uses
    byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password);
    byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes);
    return Encoding.GetEncoding(1252).GetString(hashBytes);
}

EDIT I tried using sha-1 and now the lines look like they suggest:

public string EncryptPassword(string password)
{
    return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1");
}

// example output: 39A43BDB7827112409EFED3473F804E9E01DB4A8

The result with the image above looks like a broken line, but this sha-1 looks ok ...

Will it be safe enough?

+2

sql passwords sql-server asp.net hash

ilija veselica May 13 '10 at 10:06

a source to share

1 answer

Dave markle · Accepted Answer · 2010-05-13T10:10:19+0000

Your end, but not quite there.

For a secure hash, you'll need a salt value in another column. Second, try to stay away from MD5 as a hashing provider. It is not as secure as SHA-1 or SHA-2. SHA-1 is included in .NET in the same way as MD5.

Hash password in SQL Server (asp.net)

More articles: