Reputation: 45
I've created a default MVC 4 project with login authentication.
When I register for an account with password: 123456
Why is it stored in the SQL database as: ALWsAlpVTehuGr7W2jaGwoX3Ww0RE5GC+yYDITvCpCdHmIIrX7vwMoTW3cEbMsGd4w==
If so, how does it compare the 2 strings to check whether the password entered is correct?
Upvotes: 0
Views: 302
Reputation: 1041
By default, when passwords are stored in an SQL database, they are encrypted. When you try logging in again, the password will be encrypted before the authentication attempt, then this encrypted password will be compared to the one stored in the database.
It is disturbingly common for companies' databases to become compromised. Imagine if a hacker got a copy of your database and right there was everyone's usernames and passwords in plain text. Most people use the same password for multiple sites, so imagine the repercussions. Whereas if the hacker only has the encrypted passwords, there is no way to reverse the salt and get the original plain text passwords out.
Upvotes: 0
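The store-and-compare flow the question asks about, as an added example that is not part of either post and is not the framework's own code. It assumes the stored value uses the layout written by `System.Web.Helpers.Crypto.HashPassword` (one `0x00` version byte, a 16-byte random salt, then a 32-byte PBKDF2-HMAC-SHA1 subkey at 1000 iterations); the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# Assumed layout (System.Web.Helpers.Crypto.HashPassword):
# 1 version byte (0x00) | 16-byte random salt | 32-byte PBKDF2-HMAC-SHA1 subkey
VERSION = b"\x00"
SALT_LEN = 16
SUBKEY_LEN = 32
ITERATIONS = 1000

# Value quoted in the question.
STORED_FROM_QUESTION = "ALWsAlpVTehuGr7W2jaGwoX3Ww0RE5GC+yYDITvCpCdHmIIrX7vwMoTW3cEbMsGd4w=="


def parse_stored(stored):
    """Split a stored value into (salt, subkey); raise ValueError if malformed."""
    raw = base64.b64decode(stored, validate=True)  # binascii.Error is a ValueError
    if len(raw) != 1 + SALT_LEN + SUBKEY_LEN or raw[:1] != VERSION:
        raise ValueError("unexpected length or version byte")
    return raw[1:1 + SALT_LEN], raw[1 + SALT_LEN:]


def hash_password(password, salt=None):
    """Registration: a fresh random salt makes equal passwords store differently."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    subkey = hashlib.pbkdf2_hmac(
        "sha1", password.encode("utf-8"), salt, ITERATIONS, SUBKEY_LEN)
    return base64.b64encode(VERSION + salt + subkey).decode("ascii")


def verify_password(stored, candidate):
    """Login: re-derive with the stored salt, then compare in constant time."""
    try:
        salt, expected = parse_stored(stored)
    except ValueError:
        return False  # malformed record: fail closed
    actual = hashlib.pbkdf2_hmac(
        "sha1", candidate.encode("utf-8"), salt, ITERATIONS, SUBKEY_LEN)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    first, second = hash_password("123456"), hash_password("123456")
    print("same password, different rows:", first != second)
    print("correct password:", verify_password(first, "123456"))
    print("wrong password:", verify_password(first, "1234567"))
    print("salt bytes in question's value:", len(parse_stored(STORED_FROM_QUESTION)[0]))
```

The salt is stored in the clear next to the derived key, so nothing is decrypted at login: the entered password is run through the same derivation and the two subkeys are compared. The 1000-iteration SHA-1 setting belongs to that older format; current guidance calls for a much higher work factor.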