Tutorial :Different hash algorithm for ASP.NET Membership provider?



Question:

Does anyone know if it is possible to configure the ASP.NET membership API to use SHA-256 or SHA-512? I don't really want to have to go down the line of writing my own and our employer has an encryption policy that does not allow MD5 or SHA-1. All i can find from Microsoft is the the HashAlgorythmType enum

...but this only contains MD5 and SHA1

Thanks,

Keeno


Solution:1

Looks like it is indeed possible (assuming you are using SqlMembershipProvider). It supports SHA1, MD5, SHA256, SHA384 and SHA512

SqlMembershipProvider uses this code to instantiate hashing algorithm:

// MembershipPasswordFormat.Hashed  HashAlgorithm s = HashAlgorithm.Create( Membership.HashAlgorithmType );  bRet = s.ComputeHash(bAll);  

Membership.HashAlgorithmType (of type string) is the hashAlgorithmType attribute of the membership element in the Web.config

For the full list of all possible values see: http://msdn.microsoft.com/en-us/library/wet69s13(v=vs.100).aspx


Solution:2

ACtually the format is determined by the passwordFormat attribute of the .../membership/providers/add element in the configuration file which defines settings for the provider.

The possible values are given by the MembershipPasswordFormat enumeration which provides no control over the hash algorithm used.


Solution:3

You can change the hash algorithm with the hashAlgorithmType attribute. Also you can map algorithm names to classes. So if you want algorithm other than MD5 and SHA1 add new mappings.

For more information see:
membership Element (ASP.NET Settings Schema)
Membership.HashAlgorithmType Property


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »