Is SHA512Managed considered the best one-way hash available in .NET 3.5 for security?

Three SHA512Managed related questions:

  1. Is SHA512Managed considered the best one-way hash available in .NET 3.5 for security?
  2. What Salt size should be used with SHA512Managed? The application is for strong passwords with at least 8 characters.
  3. Is 512 overkill compared to 256 for small strings?
Best answer
  1. Sha512Managed does not depend on system calls, and has the largest hash size of the built-in hashes. If you're not optimizing for anything else, it would be considered the most secure.

  2. For password cracking purposes, a salt essentially increases the size of the password. Though bigger is better, anything beyond the number of bits of the password itself is largely wasted. So, for a min 8 ASCII character password, you might go for a 64 bit salt.

  3. Yes and no. It's overkill for modern technology; the size of the strings is irrelevant. If you need your passwords to be secure for the next 100 years, well, go for 512.

A reference: http://www.codeproject.com/KB/security/Cryptography_NET.aspx

Other answers

Ben's answer is incorrect; you should not be using SHA* functions to hash passwords. You should be using a hash function that is specifically designed for hashing passwords, such as PBKDF2, BCrypt or SCrypt. Min's answer and comments are correct.

Since you want to use standard .NET library I suggest Rfc2898DeriveBytes which is an implementation of PBKDF2.

http://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes.aspx

If you're looking to prevent brute force attacks, take a look at bcrypt or scrypt. They're designed to be algorithmically slow. So even if an attacker did get a hold of the password database, calculating everything would take forever.

http://derekslager.com/blog/posts/2007/10/bcrypt-dotnet-strong-password-hashing-for-dotnet-and-mono.ashx

http://www.tarsnap.com/scrypt.html




