A couple of weeks ago Scott Mitchell wrote an article titled "Using MD5 to Encrypt Passwords in a Database". In his article, Scott examined how to use the built-in ASP.NET MD5CryptoServiceProvider class to perform MD5 hashing. To recap, MD5 is known as a one-way encryption algorithm. It is presented with a plain-text string and then computes an encrypted version of that string. Given the encrypted version, it is computationally infeasible to determine the plain-text version. Unfortunately, Scott's article contains a rather serious security hole, namely that a single value is used to compute the hash. This article, by Thomas Tomiczek, examines how to improve the security provided by hashing passwords by salting the hash. Read on to learn more!