we’re implementing a new ecommerce platform, and we want to make sure not to

Question

0

Asked: May 26, 20262026-05-26T03:50:59+00:00 2026-05-26T03:50:59+00:00

we’re implementing a new ecommerce platform, and we want to make sure not to

0

we’re implementing a new ecommerce platform, and we want to make sure not to make mistakes that can be avoided in the security department.

This time, I took a look at the password storing and hashing. What we currently do:

We generate 8 to 16 random bytes from 0-36 and 125-255 range, use this as a salt into the password, then SHA512 it 100k times. Then we store password and salt in the user account.

The solution is in C#. Anything to add for the randomization of the salt input? Or did we miss something critical?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T03:50:59+00:00

Editorial Team

2026-05-26T03:50:59+00:00Added an answer on May 26, 2026 at 3:50 am

Please don’t invent yourself – there are proven standard methods to do so (including hashing several times etc.), see for example http://en.wikipedia.org/wiki/PBKDF2 and http://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes.aspx

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

we’re implementing a new ecommerce platform, and we want to make sure not to

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply