Answer
All passwords need to be salted in order to hash them securely. In this case, however, you are correct; System.Web.Helpers.Crypto takes care of creating a salt for you. You don't need to create one. It is stored in the string returned by Crypto.HashPassword().
Example
All you need to do is something like this.
    using System.Web.Helpers;

    public void SavePassword(string unhashedPassword)
    {
        // HashPassword generates a random salt and embeds it in the returned string.
        string hashedPassword = Crypto.HashPassword(unhashedPassword);
        //Save hashedPassword somewhere that you can retrieve it again.
        //Don't save unhashedPassword! Just let it go.
    }

    public bool CheckPassword(string unhashedPassword)
    {
        // LoadHashedPassword() is a hypothetical helper: get hashedPassword from where you saved it.
        string savedHashedPassword = LoadHashedPassword();
        // VerifyHashedPassword reads the salt back out of savedHashedPassword.
        return Crypto.VerifyHashedPassword(savedHashedPassword, unhashedPassword);
    }
More Information
- If you would like to learn more about the Crypto class you can view it here.
- And here is a good blog on the class and some of the ideas behind it.