
MD5CryptoServiceProvider tied to machine?

Author
1 Jun 2009 10:48 AM
BillAtWork
Hi,
I'm using a routine like the one below to hash user passwords during a login
process and compare them to the hashed version stored in our DB.

private void HashPassword()
{
  System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
  MD5CryptoServiceProvider md5hasher = new MD5CryptoServiceProvider();
  _encryptedPassword = md5hasher.ComputeHash(encoder.GetBytes(_saltValue +
_password));
}

Is this hash tied to the machine on which it is performed? i.e. if I move
the application to a new environment, will the hash matches stop working? My
concern is if we have a server crash and have to rebuild.

Could I "extract" the current keys used to do this hash and store them in
case we ever have to move environments? Is that possible or should I be using
my own explicit key for this?

Thanks!

Author
1 Jun 2009 2:29 PM
Joe Kaplan
MD5 is just a hash algorithm.  The same input produces the same output
wherever you use it.  There are no "keys" associated with it.  You should
have no problems with portability, even to other platforms.

You might want to consider using something a bit stronger like SHA1 at least
though.  It is also better to generate a new random salt for each hash.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"BillAtWork" <BillAtWork@nospam.nospam> wrote in message
news:985F70F5-F029-47A4-8B0F-3D2745720C75@microsoft.com...
> Hi,
> I'm using a routine like the one below to hash user passwords during a
> login
> process and compare them to the hashed version stored in our DB.
>
> private void HashPassword()
> {
>  System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
>  MD5CryptoServiceProvider md5hasher = new MD5CryptoServiceProvider();
>  _encryptedPassword = md5hasher.ComputeHash(encoder.GetBytes(_saltValue +
> _password));
> }
>
> Is this hash tied to the machine on which it is performed? i.e. if I move
> the application to a new environment, will the hash matches stop working?
> My
> concern is if we have a server crash and have to rebuild.
>
> Could I "extract" the current keys used to do this hash and store them in
> case we ever have to move environments? Is that possible or should I be
> using
> my own explicit key for this?
>
> Thanks!
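
The reply's two points (a hash has no machine-bound key, and each password should get its own random salt) shown as an added example; this is not code from either poster. It assumes .NET 6 or later and swaps the single MD5/SHA1 pass for PBKDF2 with SHA-256, a choice made here rather than one named in the thread; PasswordRecord, PasswordHasher and the iteration count are illustrative.

```csharp
using System;
using System.Security.Cryptography;

// Added example, not from the thread. Assumes .NET 6 or later.
// PasswordRecord, PasswordHasher and the constants are illustrative names and values.
public sealed record PasswordRecord(byte[] Salt, int Iterations, byte[] Hash);

public static class PasswordHasher
{
    private const int SaltSize = 16;        // bytes, freshly generated per password
    private const int HashSize = 32;        // bytes of derived output
    private const int Iterations = 600_000; // assumed work factor; tune for your hardware

    // Called when a password is set: a new random salt every time.
    public static PasswordRecord Create(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        return new PasswordRecord(salt, Iterations, Derive(password, salt, Iterations));
    }

    // Called at login: recompute with the stored salt and compare.
    public static bool Verify(string password, PasswordRecord stored)
    {
        byte[] candidate = Derive(password, stored.Salt, stored.Iterations);
        // Constant-time comparison, so timing does not reveal how many bytes matched.
        return CryptographicOperations.FixedTimeEquals(candidate, stored.Hash);
    }

    // Deterministic: the same password, salt and iteration count give the same
    // bytes on any machine, so nothing has to be exported from the server.
    private static byte[] Derive(string password, byte[] salt, int iterations) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, HashAlgorithmName.SHA256, HashSize);
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample input.
        PasswordRecord a = PasswordHasher.Create("correct horse");
        PasswordRecord b = PasswordHasher.Create("correct horse");

        // Same password, different salts: the two stored hashes differ.
        Console.WriteLine(Convert.ToHexString(a.Hash) == Convert.ToHexString(b.Hash));
        // The salt is stored with the record, so verification survives a server rebuild.
        Console.WriteLine(PasswordHasher.Verify("correct horse", a));
        Console.WriteLine(PasswordHasher.Verify("wrong horse", a));
    }
}
```

The salt and iteration count are not secret; store them in the same database row as the hash so the record is self-contained when the application moves.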