Spence11
Member
2 Points
6 Posts
Couple of Security related questions
Dec 07, 2012 03:25 AM
I have a couple of general security-related questions. I have been looking into the hashing used by the membership provider and read an article by Troy Hunt about stronger hashing that showed the hashing in the 2012 provider was much better. Now, is there a simple way to change the hashing algorithm in Visual Web Developer 2010? Secondly, I have successfully encrypted the connection strings in the web config file, but can I somehow do the same with the smtp section? I read some sections can't or shouldn't be encrypted.
Thanks
DarrellNorto...
All-Star
86773 Points
9643 Posts
Moderator
MVP
Re: Couple of Security related questions
Dec 07, 2012 10:18 AM
First question, you can download code that makes the hashing algorithm stronger from here:
http://zetetic.net/blog/2012/3/29/strong-password-hashing-for-aspnet.html
and http://zetetic.net/blog/2012/7/3/secure-password-hashing-for-aspnet-in-one-line.html
Second question, section groups and regular elements cannot be encrypted, but the SMTP section can be encrypted. Use normal procedures to encrypt it, passing in smtp.
For more, see this thread: http://forums.asp.net/p/953254/1166980.aspx#1166980
Darrell Norton's Blog
Please click "Mark as Answer" if this helped you.
BrockAllen
All-Star
27534 Points
4907 Posts
MVP
Re: Couple of Security related questions
Dec 07, 2012 02:12 PM
You'd want to use Rfc2898DeriveBytes to hash passwords. ASP.NET provides a helper API for it:
http://brockallen.com/2012/10/19/password-management-made-easy-in-asp-net-with-the-crypto-api/
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
Spence11
Member
2 Points
6 Posts
Re: Couple of Security related questions
Dec 07, 2012 03:42 PM
Thanks, both replies gave me plenty of info to get on with it :)