From the course: ASP.NET: Security
Password hashing
- [Instructor] The final topic for this chapter is password hashing, so what is hashing in that context? It's basically a function that maps something, in this case, a password, to something else of usually a fixed length. And the idea here is that this function cannot be reversed, at least not very easily. We do not store passwords in clear text because if someone is stealing our database, the password is stolen as well. And as I mentioned before, there have been a lot of high-profile incidents. However, if we store a kind of a fingerprint of a password, or a hash, that hash is useless to an attacker because it doesn't give away the password, just the fingerprint of the password, so to speak. However, for our application, this is very valuable because when someone then tries to log in to the application, we can take the password they are sending. We can recalculate the hash and then compare those two hashes, thereby validating whether someone has the correct password or not without…
Contents
- Storing secrets in Web.config (4m 19s)
- Externalizing Web.config settings (3m 35s)
- Encrypting Web.config (4m 21s)
- Azure Key Vault (2m 36s)
- Managing the Key Vault with Azure Shell (4m 45s)
- Password hashing (1m 20s)
- Adding password hashing to the app (3m 18s)