What algorithm does ASP.NET Identity use to encrypt the password?

Rameshwar · Jul 15, 2014 · Viewed 12.6k times

What kind of algorithm does the ASP.NET Identity framework use to encrypt the password? I have a scenario where Android, iPhone, web and desktop use the same database. This password should be encrypted, so in ASP.NET MVC I have used the Identity framework to encrypt the password. Now I need the algorithm to work for all platforms.

Any help will be appreciated.

Thanks in advance.

Answer

Rowan Freeman · Jul 15, 2014

ASP.NET Identity uses Password-Based Key Derivation Function 2 (PBKDF2) as implemented by Rfc2898DeriveBytes. It is a hashing algorithm.

Note that encryption and hashing are different.

using System;
using System.Security.Cryptography;

public static string HashPassword(string password)
{
    byte[] salt;
    byte[] bytes;
    if (password == null)
    {
        throw new ArgumentNullException("password");
    }
    // PBKDF2 with a freshly generated 16-byte salt and 1000 iterations.
    using (Rfc2898DeriveBytes rfc2898DeriveByte = new Rfc2898DeriveBytes(password, 16, 1000))
    {
        salt = rfc2898DeriveByte.Salt;
        bytes = rfc2898DeriveByte.GetBytes(32); // 32-byte derived subkey
    }
    // Output layout (49 bytes): [0] = 0x00, [1..16] = salt, [17..48] = subkey.
    byte[] numArray = new byte[49];
    Buffer.BlockCopy(salt, 0, numArray, 1, 16);
    Buffer.BlockCopy(bytes, 0, numArray, 17, 32);
    return Convert.ToBase64String(numArray);
}
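To show how another platform can produce and check hashes in this format, here is an added Python example (not part of the original answer or of ASP.NET Identity). It assumes the layout and parameters in the code above, and that `Rfc2898DeriveBytes(string, int, int)` encodes the password as UTF-8 and uses HMAC-SHA1; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# Parameters taken from the HashPassword code above.
SALT_LEN = 16
SUBKEY_LEN = 32
ITERATIONS = 1000
BLOB_LEN = 1 + SALT_LEN + SUBKEY_LEN  # 49 bytes; byte 0 is left as 0x00


def _derive(password, salt):
    # PBKDF2-HMAC-SHA1 over the UTF-8 bytes of the password (assumed to
    # match the Rfc2898DeriveBytes(string, int, int) constructor).
    return hashlib.pbkdf2_hmac(
        "sha1", password.encode("utf-8"), salt, ITERATIONS, SUBKEY_LEN
    )


def hash_password(password, salt=None):
    """Return Base64 of 0x00 | salt | subkey, the layout HashPassword emits."""
    if password is None:
        raise ValueError("password")
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt per password
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be 16 bytes")
    return base64.b64encode(b"\x00" + salt + _derive(password, salt)).decode("ascii")


def verify_password(stored, password):
    """Check a password against a stored Base64 blob; False on any malformed input."""
    try:
        blob = base64.b64decode(stored, validate=True)
    except (ValueError, TypeError):
        return False
    # Reject anything that is not exactly the 49-byte, 0x00-prefixed layout.
    if len(blob) != BLOB_LEN or blob[0] != 0x00:
        return False
    salt = blob[1:1 + SALT_LEN]
    expected = blob[1 + SALT_LEN:]
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_derive(password, salt), expected)
```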