Permalink
Browse files

Added password hashing article

  • Loading branch information...
1 parent 18bb840 commit 9f55d75e706ed40797ac60b2dc73858c51eaef7b @joeyb committed Feb 15, 2012
Showing with 65 additions and 0 deletions.
  1. +63 −0 2012/02/15/password-hashing-in-dotnet.html
  2. +2 −0 index.html
@@ -0,0 +1,63 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en-us">
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+ <title>Password Hashing in .NET</title>
+ <meta name="author" content="Joey Bratton" />
+
+ <!-- Homepage CSS -->
+ <link rel="stylesheet" href="/css/screen.css" type="text/css" media="screen, projection" />
+
+ <script type="text/javascript">
+ var _gaq = _gaq || [];
+ _gaq.push(['_setAccount', 'UA-8032568-1']);
+ _gaq.push(['_trackPageview']);
+
+ (function() {
+ var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+ ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+ var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+ })();
+ </script>
+</head>
+<body>
+
+<div class="site">
+ <div class="title">
+ <a href="/">Joey Bratton</a>
+ </div>
+
+ <div id="post">
+
+ <h1>Password Hashing in .NET</h1>
+
+ <p class="meta">15 February 2012</p>
+
+ <p>I'm currently in the process of extracting a lot of the generic, boilerplate code that I use regularly and building a series of re-usable libraries. One of the first pieces that I wanted to tackle was to build a reliable password hashing library that followed current best practices for how to securely hash user passwords.</p>
+
+<p>The vast majority of projects that I've seen have used either MD5 or SHA for hashing their passwords. Both of those hashing algorithms have valid use cases, but they are both far too fast to be used for hashing password data. <a href="http://codahale.com">Coda Hale</a>'s article on <a href="http://codahale.com/how-to-safely-store-a-password/">How To Safely Store A Password</a> goes in depth into the problems caused by using a general purpose hashing algorithm for passwords. Unfortunately there doesn't seem to be a verified implementation of bcrypt for .NET, but there is a built-in implementation of <a href="http://en.wikipedia.org/wiki/PBKDF2">PBKDF2</a> in the .NET Framework.</p>
+
+<p>The hashing functionality was extracted from the <a href="http://code.google.com/p/stackid/">Stack Exchange OpenID Project</a>. You can find the source code for the library <a href="https://github.com/joeyb/JoeyB.Security">on github</a>.</p>
+
+
+</div>
+
+ <div class="footer">
+ <div class="contact">
+ <p>
+ Joey Bratton<br />
+ Software Developer at <a href="http://ignew.com/">igNew, LLC.</a><br />
+ joey@joeyb.org
+ </p>
+ </div>
+ <div class="contact">
+ <p>
+ <a href="http://github.com/joeyb/">github.com/joeyb</a><br />
+ <a href="http://twitter.com/joeybratton/">twitter.com/joeybratton</a>
+ </p>
+ </div>
+ </div>
+</div>
+
+</body>
+</html>
View
@@ -31,6 +31,8 @@
<h1>Blog Posts</h1>
<ul class="posts">
+ <li><span>15 Feb 2012</span> &raquo; <a href="/2012/02/15/password-hashing-in-dotnet.html">Password Hashing in .NET</a></li>
+
<li><span>27 Jan 2012</span> &raquo; <a href="/2012/01/27/hiring-difficulties.html">Hiring Difficulties</a></li>
<li><span>26 Jan 2012</span> &raquo; <a href="/2012/01/26/quick-code-samples-building-a-simple-config-service.html">Quick Code Samples: Building a Simple Config Service</a></li>

0 comments on commit 9f55d75

Please sign in to comment.