How do API Keys and Secret Keys work? Would it be secure if I have to pass my API and secret keys to another application?

Basically elaborating on what’s outlined here. Here’s how it works: let’s say we have a function that takes a number from zero through nine, adds three and, if the result is greater than ten, subtracts ten. So f(2) = 5, f(8) = 1, etc. Now, we can make another function, call it f’, that goes …

How to hash a password

Most of the other answers here are somewhat outdated considering today’s best practices. The most robust password-hashing algorithm that’s natively available in .NET is PBKDF2, represented by the Rfc2898DeriveBytes class. The following code is in a stand-alone class in this post: Another example of how to store a salted password hash. The basics are really …

Difference between Hashing a Password and Encrypting it

Hashing is a one way function (well, a mapping). It’s irreversible, you apply the secure hash algorithm and you cannot get the original string back. The most you can do is to generate what’s called “a collision”, that is, finding a different string that provides the same hash. Cryptographically secure hash algorithms are designed to …

Salting Your Password: Best Practices? [closed]

Prefix or suffix is irrelevant, it’s only about adding some entropy and length to the password. You should consider those three things: The salt has to be different for every password you store. (This is quite a common misunderstanding.) Use a cryptographically secure random number generator. Choose a long enough salt. Think about the birthday …

Is it secure to store passwords as environment variables (rather than as plain text) in config files?

As mentioned before, both methods do not provide any layer of additional “security” once your system is compromised. I believe that one of the strongest reasons to favor environment variables is version control: I’ve seen way too many database configurations etc. being accidentally stored in the version control system like GIT for every other developer …