|
|
I chose to write this class library because all the articles and recommendation I found and were told at MSDN events recommended storing this Salt in a DBMS. I was writting an ASP.NET application where I wanted to use XML files for storage of usernames and passwords. Storing Salts in the same XML file isnt recommended, but I also didnt think it was secure storing them in any XML file "plainly". I decided to write a class that would generate the salt, merge it with the string, encrypt the string, take the salt and place it in a RANDOM location in the hash, save the hash. This allowes me to store the HASH in one XML file and makes the Salt far more secure since it has to be found in the HASH string first, very difficult to do. Also since the HASH string looks so similar to regular MD5 HASH strings its hard to determine when this method is actually being used.
|