2

I am new to MVC 5 Identity. I am trying to find what is the hash logic for password in mvc 5 identity.

I am trying to validate user outside .net project but using its table AspNetUsers. If I am correct in mvc 4 it was SHA1?? But I am not sure whats the same in MVC 5.

Also can we validate user in table AspNetUsers within the sql server using sql script itself?

Regards & Thanks.

ary
  • 939
  • 2
  • 13
  • 32
  • possible duplicate of [What is default hash algorithm that ASP.NET membership uses?](http://stackoverflow.com/questions/1137368/what-is-default-hash-algorithm-that-asp-net-membership-uses) – gustavodidomenico Jan 12 '15 at 19:43
  • I am looking for mvc 5 identity. I think membership was for MVC4. – ary Jan 12 '15 at 19:46

1 Answers1

0

From https://github.com/aspnet/Identity/blob/dev/src/Microsoft.AspNetCore.Identity/PasswordHasher.cs

Version 2:

PBKDF2 with HMAC-SHA1, 128-bit salt, 256-bit subkey, 1000 iterations. (See also: SDL crypto guidelines v5.1, Part III)

Format: { 0x00, salt, subkey }

Version 3:

PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations.

Format: { 0x01, prf (UInt32), iter count (UInt32), salt length (UInt32), salt, subkey } (All UInt32s are stored big-endian.)

meziantou
  • 20,589
  • 7
  • 64
  • 83
  • How do I update to version 3? When I look at the Nuget Package Manager, I'm already on the latest version, 2.2.1 for the Microsoft.AspNet.Identity.Core package – Scott Decker Nov 15 '16 at 04:18
  • Il s'agit de la version AspNet Core `Microsoft.AspNetCore.Identity` – meziantou Nov 15 '16 at 07:57