Hash Password in C#? Bcrypt/PBKDF2

PBKDF2 You were really close actually. The link you have given shows you how you can call the Rfc2898DeriveBytes function to get PBKDF2 hash results. However, you were thrown off by the fact that the example was using the derived key for encryption purposes (the original motivation for PBKDF1 and 2 was to create “key” … Read more

Why are plain text passwords bad, and how do I convince my boss that his treasured websites are in jeopardy? [closed]

In the military it’s called “Defense in Depth”. The theory is that you harden every layer you can rather than hardening just one layer and hoping it’s enough. I’ve heard databases like yours called “hard on the outside, soft and chewy on the inside”. There are a million ways a dedicated hacker can get access … Read more

How does the “Remember my password” checkbox work?

The “save password” part comes from the browser’s password manager whenever it sees an <input type=”password”> that looks like it really is asking for a password. You can use the autocomplete attribute to suppress this in most browsers: <input type=”password” name=”password” autocomplete=”off”> This won’t validate but that usually doesn’t matter. The “remember me” part is … Read more

How to hash a password with SHA-512 in Java?

you can use this for SHA-512 (Not a good choice for password hashing). import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; public String get_SHA_512_SecurePassword(String passwordToHash, String salt){ String generatedPassword = null; try { MessageDigest md = MessageDigest.getInstance(“SHA-512”); md.update(salt.getBytes(StandardCharsets.UTF_8)); byte[] bytes = md.digest(passwordToHash.getBytes(StandardCharsets.UTF_8)); StringBuilder sb = new StringBuilder(); for(int i=0; i< bytes.length ;i++){ sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, … Read more