
For some reason, I have to store the username and password under web.config. I used to store like the following:

```xml
<authentication mode="Forms">
  <forms name=".ASPNETAUTH">
    <credentials passwordFormat="SHA1">
      <user name="User1" password="7c4a8d09ca3762af61e59520943dc26494f8941b" />
    </credentials>
  </forms>
</authentication>
```

Is there any more secure way, like "Bcrypt", for hashing other than SHA1 or MD5, that can still use the default forms authentication credentials tag? I have tried to use https://www.zetetic.net/blog/2012/3/29/strong-password-hashing-for-aspnet.html. However, it needs to use the SQL service provider, which cannot fulfill my requirement.

Goldfish

1 Answer


You could try this implementation - https://bcrypt.codeplex.com/. I haven't used it myself, but I have been thinking about using something other than SHA for an upcoming project.

Edit: In fact, there is a very good question and answer already on StackOverflow: "Is BCrypt a good hashing algorithm to use in C#? Where can I find it?"

MikeS159
  • But after I import the DLL, can I change it to be like the following? Or do I have to write another class to handle this? – Goldfish Jul 24 '15 at 02:15
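
An added example, not part of the question, the answer or the linked library: the `<credentials>` element has no bcrypt `passwordFormat`, so one option is to keep the forms-authentication cookie but store the bcrypt hash elsewhere in web.config and verify it in a small class. The `auth:` appSettings key prefix, the class name and the work factor of 12 are assumptions; `HashPassword` and `Verify` are the BCrypt.Net calls.

```csharp
using System;
using System.Configuration;
using System.Web.Security;

// Assumed web.config entry (hypothetical key name, placeholder value):
//   <appSettings>
//     <add key="auth:User1" value="BCRYPT_HASH_PLACEHOLDER" />
//   </appSettings>
public static class ConfigBcryptAuth
{
    private const string KeyPrefix = "auth:"; // hypothetical naming convention
    private const int WorkFactor = 12;        // assumed cost; tune to your hardware

    // Hash of a random value, verified against when the user name is unknown,
    // so unknown and known users cost the same bcrypt work.
    private static readonly string DummyHash =
        BCrypt.Net.BCrypt.HashPassword(Guid.NewGuid().ToString("N"), WorkFactor);

    // Run once (for example from a console tool) to produce the stored value.
    public static string CreateHash(string password)
    {
        return BCrypt.Net.BCrypt.HashPassword(password, WorkFactor);
    }

    public static bool Validate(string userName, string password)
    {
        if (string.IsNullOrEmpty(userName) || password == null) return false;

        string stored = ConfigurationManager.AppSettings[KeyPrefix + userName];
        bool known = !string.IsNullOrEmpty(stored);
        bool ok;
        try
        {
            ok = BCrypt.Net.BCrypt.Verify(password, known ? stored : DummyHash);
        }
        catch (Exception)
        {
            ok = false; // malformed hash in config: fail closed
        }
        return known && ok;
    }

    // Replaces the FormsAuthentication.Authenticate call in the login page;
    // the cookie and the rest of forms authentication stay unchanged.
    public static bool SignIn(string userName, string password, bool persistent)
    {
        if (!Validate(userName, password)) return false;
        FormsAuthentication.SetAuthCookie(userName, persistent);
        return true;
    }
}
```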