Yesterday, the client asked me a question “Hi guys, are we using any password hashing and salting methodology?”. I’m sure that almost developers would say MD5 :). It could be the best answer… for ten years ago :v. Now the power of computers will brute-force them… in one music note :v.
Everybody knows to use hashing function to hash password but who knows which algorithm it uses!? So, let try exploring the asp.net identity source-code and saw some codes as attached screenshot.
Boom! It uses PBKDF2 with HmacSHA1 algorithm. Is it interesting!?
DYOR if you don’t know. Enjoy crypto!!!
Triet Dinh's Blog 