ASPNET Identity 2.0 hashing algorithm

Question

Which Hashing Algorithm aspnet identity 2.0 uses to hash password. Is it SHA1 or SHA256 ? Is it possible to change to SHA2 if it uses SHA1 ?

Possible duplicate of [ASP.NET Identity default Password Hasher, how does it work and is it secure?](http://stackoverflow.com/questions/20621950/asp-net-identity-default-password-hasher-how-does-it-work-and-is-it-secure) — trailmax, Jan 20 '17 at 22:51
And http://stackoverflow.com/questions/19957176/asp-net-identity-password-hashing — trailmax, Jan 20 '17 at 22:52

score 1 · Answer 1 · answered Jan 20 '17 at 14:04

1

Microsoft is using PBKDF2 as their hashing algorithm in Identity 2.0.

answered Jan 20 '17 at 14:04

Svekke

score 0 · Answer 2 · answered Nov 22 '17 at 14:51

0

Asp.net Identity 2.0 uses SHA1. It relies on Rfc2898DeriveBytes and does not have any SHA256 option--you'd have to write your own implementation.

Asp.net Identity 3.0 does have an SHA256 option though.

answered Nov 22 '17 at 14:51

Matthew

2 Answers2