Thread: What format should i use to save password?

Originally Posted by micky

okily dokily

i'll wait patiently

Well, how else are you gonna wait?

@RF - no hijacking...this isn't ASP Free

Originally Posted by jmurrayhead

Well, how else are you gonna wait?

@RF - no hijacking...this isn't ASP Free

Sorry Won't do it again.

Originally Posted by micky

okily dokily

i'll wait patiently

Here ya go, micky: Salted Password Hash - Code Samples

Originally Posted by micky

J, can i do some changes in this code so that the salt created have only alphabets and numbers??

The following line is what does it:

Code:

Convert.ToBase64String(buff)

But why on earth would you want to do that? No one ever sees the salt, it is randomly generated to ensure more security.

Originally Posted by micky

dont ask, its a dreadful story, u'll weep

actually, i need to send user password if he forgets it and i have set password field to take only alpha numeric characters.

so i m sending the salt to them!!
am i doing something wrong??

yes, it's dreadfully wrong micky lol. For one, sending passwords in emails is a very bad thing. You should setup a question/answer form where the user has to enter or select an existing question and provide the answer to it in order to reset their password. To do this, you would convert to lower case and hash their answer. Then, when they submit the form to reset their password, convert their answer to lower case and then hash it to compare against the hashed answer in the database.

Emails can be intercepted and read by malicious users. It's a very bad thing and the password salt/hash was not designed to do this. For one, hashes are one-way.