0

Possible Duplicate:
What is the optimal length for user password salt?

What size should I use in a CreateSalt class?

private static string CreateSalt(int size)
Community
  • 1
  • 1
Guilherme Longo
  • 2,278
  • 7
  • 44
  • 64
  • It looks like a method, not a class. – Wiktor Zychla Nov 23 '12 at 15:14
  • 2
    Possible duplciate: http://stackoverflow.com/questions/184112/what-is-the-optimal-length-for-user-password-salt – Andy Nov 23 '12 at 15:17
  • Stack Overflow [uses a 16 bytes salt](http://code.google.com/p/stackid/source/browse/OpenIdProvider/Current.cs#384) – Paolo Moretti Nov 23 '12 at 15:24
  • Just in case you're encrypting passwords, you might want to consider bcrypt (http://stackoverflow.com/questions/873403/net-implementation-of-bcrypt), which generates it's own salt. – EBarr Nov 23 '12 at 15:34

1 Answers1

1

Having just done this exact same thing this week, I decided on an byte[8] salt generated by the RNGCryptoServiceProvider class in .Net 4.

Seemed to be a decent size to avoid collisions with other salts.

Si

Slicksim
  • 7,054
  • 28
  • 32