BuddyJoe

Reputation: 71131

C#/Java/Ruby - Hash Algorithm for Passwords - Cross-Lang/Platform

What is a good password hashing algorithm to use from C#, if later on you may know that there are going to be Java and Ruby programs that may also need to 'login'/authenticate a user? Is there anything out of the box in .NET that translates well to other languages and is easy to use?

Upvotes: 0

Views: 221

Answers (3)

Roman Dzhabarov

Reputation: 521

Correct use of MD5 with a salt added makes rainbow tables and brute force quite expensive. So, the comment to use MD5 is pretty valid.

Upvotes: 1

yfeldblum

Reputation: 65445

The strongest cryptographic hash algorithm which NSA/NIST has standardized on is SHA-512.

Be sure to use a per-password random salt (a 128-bit salt generated by a cryptographically strong random number generator is good). Or, even better, be sure to use a per-password random key (again generated by a cryptorandom), and use HMAC-SHA-512. Be sure to use multiple iterations - 4096 and 65,536 are good round numbers (2^12 and 2^16).

let h = get_hash_function("SHA-512")
let k = get_key_for_user("Justice")
let hmac = get_hmac(h, k)
let test = get_bytes("utf-8", http_request_params["password"])
for(i in 0 .. (2^16 - 1))
    let test = run_hmac(hmac, test)
return test == get_hashed_password_for_user("Justice")

Upvotes: 2
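The scheme from the answer above (per-password random key, HMAC-SHA-512, 2^16 iterations) written out in Ruby as an added example; it is not code from the answer. The function names, the stored record layout and the hex encoding are assumptions chosen so that a C# or Java program can read the same record.

```ruby
require "openssl"
require "securerandom"

ITERATIONS = 2**16   # iteration count named in the answer
KEY_BYTES  = 16      # 128-bit per-password random key

# Iterated HMAC-SHA-512, following the answer's pseudocode: the output of
# each round becomes the message of the next round.
def iterated_hmac(password, key, iterations = ITERATIONS)
  digest = OpenSSL::Digest.new("SHA512")
  # Transcode explicitly so C#, Java and Ruby all hash the same UTF-8 bytes.
  block = password.encode("UTF-8").b
  iterations.times { block = OpenSSL::HMAC.digest(digest, key, block) }
  block
end

# Record to store per user (assumed layout). Hex strings and an explicit
# iteration count are easy to parse from any language.
def enroll(password)
  key = SecureRandom.random_bytes(KEY_BYTES)
  { key: key.unpack1("H*"), iterations: ITERATIONS,
    hash: iterated_hmac(password, key).unpack1("H*") }
end

# Compare without stopping at the first differing byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def verify(password, record)
  key = [record[:key]].pack("H*")
  candidate = iterated_hmac(password, key, record[:iterations])
  constant_time_equal?(candidate, [record[:hash]].pack("H*"))
end
```

The encoding step is where cross-language logins usually diverge: a .NET or Java client that hashes UTF-16 or Latin-1 bytes produces a different value for any non-ASCII password.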

DixonD

Reputation: 6628

I think MD5 is the most common one.

Upvotes: -1
