C#•13mo ago

Encrypt password

Good evening. I would like to know how to encrypt passwords properly these days. MD5 is apparently outdated and is no longer used. Is SHA256 more secure? Many thanks for your help

12 Replies

Jimmacle•13mo ago

to be pedantic, you never encrypt passwords encryption is two way, passwords are hashed which is a one way operation afaik argon2 is the "best" but i don't roll my own authentication

SteffOP•13mo ago

Let me not get this wrong. Don't I have to make sure that my passwords are stored securely in the database and cannot be accessed "blank"? Or am I just getting this wrong

Jimmacle•13mo ago

correct i was just nitpicking the word "encrypt" because that's not technically what you do, you hash them

SteffOP•13mo ago

Oh, then I apologize for that 😄

mtreit•13mo ago

You should probably use an existing implementation like the PasswordHasher type from ASP.NET Core Identity

mtreit•13mo ago

https://andrewlock.net/exploring-the-asp-net-core-identity-passwordhasher/

Andrew Lock | .NET Escapades

Exploring the ASP.NET Core Identity PasswordHasher

In this post I take a look at the PasswordHasher<> implementation from the ASP.NET Core Identity framework, and how it supports multiple hashing algorithms.

mtreit•13mo ago

It takes care of salting for you and uses secure hash algorithms.

SteffOP•13mo ago

So i can this use for WPF?

mtreit•13mo ago

Sure At least, I'm not aware of a reason you couldn't use it there.

SteffOP•13mo ago

Thanks for help ❤️

mtreit•13mo ago

using Microsoft.AspNetCore.Identity;
using System;

var user = "User1";
var password = "My amazing password you will never guess :)";
var hasher = new PasswordHasher<string>();
var hash = hasher.HashPassword(user, password);
var hash2 = hasher.HashPassword(user, password);
Console.WriteLine(hash);
Console.WriteLine(hash2);

var verifyResult = hasher.VerifyHashedPassword(user, hash, password);
Console.WriteLine(verifyResult);
verifyResult = hasher.VerifyHashedPassword(user, hash2, password);
Console.WriteLine(verifyResult);

using Microsoft.AspNetCore.Identity;
using System;

var user = "User1";
var password = "My amazing password you will never guess :)";
var hasher = new PasswordHasher<string>();
var hash = hasher.HashPassword(user, password);
var hash2 = hasher.HashPassword(user, password);
Console.WriteLine(hash);
Console.WriteLine(hash2);

var verifyResult = hasher.VerifyHashedPassword(user, hash, password);
Console.WriteLine(verifyResult);
verifyResult = hasher.VerifyHashedPassword(user, hash2, password);
Console.WriteLine(verifyResult);

You just need a reference to the Microsoft.Extensions.Identity.Core package.

[15:37:12] ✗ dotnet run
AQAAAAIAAYagAAAAEP8xBclT584QWftjda+cx/rctc3qRkHA7GXxV0JvIO4SF7qQDIqeR16r0jdBqk8qNA==
AQAAAAIAAYagAAAAEAK0BqHUGJt6hCcZSAVlfK5FTpdn63xh0si4qNYNcXLsA0Dh/P2qFr8++Diyt5+vIQ==
Success
Success

[15:37:12] ✗ dotnet run
AQAAAAIAAYagAAAAEP8xBclT584QWftjda+cx/rctc3qRkHA7GXxV0JvIO4SF7qQDIqeR16r0jdBqk8qNA==
AQAAAAIAAYagAAAAEAK0BqHUGJt6hCcZSAVlfK5FTpdn63xh0si4qNYNcXLsA0Dh/P2qFr8++Diyt5+vIQ==
Success
Success

SteffOP•13mo ago

If it works the way I want it to in the end, it will be perfect! 😄 But thank you very much ❤️ 🙂

Gaming

Programming

Encrypt password