Of the two hashing algorithms, SHA and MD5, which one would be the easiest to implement in .NET MVC 3. By easy, I mean the least amount of overhead and time to implement.
I know the argument will be that with security it shouldn’t matter, but I am still interested in which one it would be. And if there is another highly used one that is easier, which is it?
I am new to working with hashing algorithms for site authentication, so I want to make sure I do my research before I go at it.
Also, if .NET or MVC has built in support for anything, what would it be?
Thank you.
See System.Security.Cryptography.MD5, and System.Security.Cryptography.SHA256.
A list of implemented hashing algorithms in the .NET framework can be found here.
You should also check out this blog post for a few tips about rolling your own authentication scheme.
Bcrypt is often a good choice for hashing passwords, and there’s a .NET port of it here. However, I’m not sure if there has been any outside code review on this project, so it may be worth asking around.
Excellent posting about why bcrypt is the preferred method for storing passwords: http://codahale.com/how-to-safely-store-a-password/.
In regards to least overhead, that should really never be a concern. I would never want my passwords stored using the weakest hashing algorithm because a website or service needed “less overhead”.