Re: Is this secure



Gef.Mongoose@xxxxxxxxx wrote:
What would be considered a secure way to store passwords?

Paul

Hi Gef

I use SHA1 to hash my passwords. When a user is created on my site, his password is prefixed with a randomly generated salt and hashed with SHA1. Both the hashed password and salt are stored in the database.

When the user logs in, his password is sent to the SQL server in plain text through a stored proc and the stored procedure returns whether it is correct or not. The salt and hash never leave the database once there.

If the user changes their password a new salt is generated and stored again in the database.

Hope this helps.

Regards
Ray
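
The scheme described in this reply, as an added example that is not part of the original post or the poster's code: a Python version in which an in-memory dictionary stands in for the database and `verify` stands in for the stored procedure (all names are hypothetical). It also shows the same storage layout with PBKDF2-HMAC-SHA256, because a fast hash such as SHA-1 lets anyone who obtains the table test password guesses very quickly; the iteration count is an assumed value to tune for your hardware.

```python
import hashlib
import hmac
import os

# Constructed in-memory stand-in for the database table (username -> record).
USERS = {}

def create_user_sha1(username, password):
    """Scheme from the post: random salt prefixed to the password, then SHA-1."""
    salt = os.urandom(16)
    digest = hashlib.sha1(salt + password.encode("utf-8")).digest()
    USERS[username] = {"scheme": "sha1", "salt": salt, "hash": digest}

def create_user_pbkdf2(username, password, iterations=600_000):
    """Same salt-plus-hash layout, but using a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    USERS[username] = {"scheme": "pbkdf2", "salt": salt, "hash": digest,
                       "iterations": iterations}

def verify(username, password):
    """Plays the role of the stored procedure: returns only True or False."""
    rec = USERS.get(username)
    if rec is None:
        return False
    pw = password.encode("utf-8")
    if rec["scheme"] == "sha1":
        candidate = hashlib.sha1(rec["salt"] + pw).digest()
    else:
        candidate = hashlib.pbkdf2_hmac("sha256", pw, rec["salt"], rec["iterations"])
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, rec["hash"])

def change_password(username, new_password):
    """A password change generates and stores a fresh salt, as in the post."""
    rec = USERS[username]
    if rec["scheme"] == "sha1":
        create_user_sha1(username, new_password)
    else:
        create_user_pbkdf2(username, new_password, rec["iterations"])
```

Storing the scheme and iteration count next to each record lets existing SHA-1 rows be re-hashed with the slower function the next time each user logs in successfully.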