Friday, August 18, 2006


Gone are the days of salting and hashing users' passwords and storing the salt and salted hash next to each other in a database. .NET 2.0's new Rfc2898DeriveBytes class derives a pseudo-random key from a password, salt and a number of iterations - a so-called iterated and salted hash. And, apparently, it's more secure than just hashing a password and salt. More info here.

No comments: