Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Dec 07, 2012 03:42 PM by Spence11
Dec 07, 2012 03:25 AM|LINK
I have a couple of general security related questions, I have been looking into the hashing used by the membership provider and read an article by Troy Hunt about stronger hashing that showed the hasing in 2012 provider was much better. Now is there a simple
way to change the hashing algorithm in visual web developer 2010 and secondly I have successfully encrypted the connection strings in the web config file but can I somehow do the same with the smtp section I read some sections cant or shouldnt be encrypted.
Dec 07, 2012 10:18 AM|LINK
First question, you can download code that makes the hashing algorithm stronger from here:
Second question, section groups and regular elements cannot be encrypted, but the SMTP section can be encrypted. Use normal procedures to encrypt is, passing in smtp.
For more, see this thread: http://forums.asp.net/p/953254/1166980.aspx#1166980
Dec 07, 2012 02:12 PM|LINK
You'd want to use Rfc2898DeriveBytes to hash passwords. ASP.NET provides a helper API for it:
Dec 07, 2012 03:42 PM|LINK
Thanks both replies gave me plenty of info to get on with it :)