Home > OS >  Does .NET 5 Identity CreateAsync() use sha512 for hashing and salting
Does .NET 5 Identity CreateAsync() use sha512 for hashing and salting

Time:05-24

I am currently using the inbuilt .NET 5 Identity CreateAsync() to create new user accounts. This is meant to take their passwords, hash them and then salt them. Does .NET 5 CreateAsync() method use SHA1, SHA256, or SHA512 and does it salt them?

CodePudding user response:

Per the PasswordHasher source code for .NET 5.0.17:

     /* =======================
     * HASHED PASSWORD FORMATS
     * =======================
     *
     * Version 2:
     * PBKDF2 with HMAC-SHA1, 128-bit salt, 256-bit subkey, 1000 iterations.
     * (See also: SDL crypto guidelines v5.1, Part III)
     * Format: { 0x00, salt, subkey }
     *
     * Version 3:
     * PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations.
     * Format: { 0x01, prf (UInt32), iter count (UInt32), salt length (UInt32), salt, subkey }
     * (All UInt32s are stored big-endian.)
     */

NOTE: .NET 5 is no longer under support as of May 10, 2022, so there will be no security patches. You should upgrade to .NET 6 ASAP.

Page link:https//www.codepudding.com/os/417316.html

Prev:Why the TaskCompleted is executed before the end of the operation
Next:C# How to paste 2D array[,] onto second 2D array[,] on specified indexes
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding