I have an ASP.NET web application where I would like to implement cryptography for password security. I am not using SSL.
For that, I studied and picked the CRAM-MD5 algorithm for password authentication. I have implemented the JavaScript CRAM-MD5 algorithm available at http://pajhome.org.uk/crypt/md5/
Here I would like to know whether anyone has used it and found that CRAM-MD5 authentication was decoded by hackers.
What are the possibilities of decoding CRAM-MD5 authentication?
Don’t implement your hashing algorithm yourself. There are well-tested implementations in System.Security. As stated, don’t use MD5.
In addition, you should salt your hashes. For example, if you have a user table with a password field, you can add a salt field that is simply an integer, or a GUID, or even a timestamp, but something unique. The salt ensures you will not have hash collisions within your database. Here is a discussion on salting.
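The salted storage described in the answer above, as an added example that is not part of the original question or answer. It assumes .NET 6 or later and uses PBKDF2 with SHA-256 from System.Security.Cryptography with a random 16-byte salt, none of which the answer names; the `PasswordStore` class, the iteration count and the sample passwords are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;

public static class PasswordStore
{
    private const int SaltBytes = 16;       // stored in the per-user salt column
    private const int HashBytes = 32;       // stored in the password column
    private const int Iterations = 600_000; // assumption: tune to your server's budget

    // Called at registration or password change: a fresh random salt per user.
    public static (byte[] Salt, byte[] Hash) Create(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        return (salt, Derive(password, salt));
    }

    // Called at login: recompute with the stored salt, compare in constant time.
    public static bool Verify(string password, byte[] salt, byte[] expectedHash)
    {
        byte[] actual = Derive(password, salt);
        return CryptographicOperations.FixedTimeEquals(actual, expectedHash);
    }

    // Framework PBKDF2 instead of a hand-written or MD5-based hash.
    private static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                  HashAlgorithmName.SHA256, HashBytes);
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample: two users who happen to choose the same password.
        var alice = PasswordStore.Create("correct horse battery");
        var bob = PasswordStore.Create("correct horse battery");

        bool sameStoredHash = CryptographicOperations.FixedTimeEquals(alice.Hash, bob.Hash);
        Console.WriteLine($"Identical passwords share a stored hash: {sameStoredHash}");
        Console.WriteLine($"Alice, right password: {PasswordStore.Verify("correct horse battery", alice.Salt, alice.Hash)}");
        Console.WriteLine($"Alice, wrong password: {PasswordStore.Verify("correct horse", alice.Salt, alice.Hash)}");
        Console.WriteLine($"Alice's password against Bob's salt and Alice's hash: {PasswordStore.Verify("correct horse battery", bob.Salt, alice.Hash)}");
    }
}
```

This covers how the password is stored on the server only; without SSL the password still has to reach the server over an unprotected connection.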