Default Password Hasher
The default password hasher that comes out of the box with ASP.NET Identity 2 ticks all the right boxes:
- It actually uses a hashing algorithm (for some reason this is still something we need to congratulate in 2017)
- It generates a per user salt
- It iteratively hashes a password (not just once like in vanilla ASP.NET Membership)
- It uses a derived key
The above can pretty much be summed up with "it uses PBKDF2", but that didn't read as nicely.
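The four properties in the list above, as an added C# example (.NET 6 or later) that is not ASP.NET Identity's own code. The record layout, the choice of SHA-256, the sizes and the iteration count are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;

// Added example: layout and parameter values are assumptions, not ASP.NET Identity's format.
public static class Pbkdf2Demo
{
    private const int SaltSize = 16;               // bytes, generated fresh for every user
    private const int KeySize = 32;                // bytes of derived key that get stored
    private const int CurrentIterations = 210_000; // assumed work factor for this demo

    // Record layout (constructed for this example): "<iterations>.<base64 salt>.<base64 key>"
    public static string Hash(string password, int iterations = CurrentIterations)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] key = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, iterations, HashAlgorithmName.SHA256, KeySize);
        return $"{iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(key)}";
    }

    // Re-derives the key with the salt and iteration count stored in the record.
    public static (bool Ok, bool NeedsRehash) Verify(string record, string password)
    {
        string[] parts = record.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations < 1)
            return (false, false);
        byte[] salt, expected;
        try
        {
            salt = Convert.FromBase64String(parts[1]);
            expected = Convert.FromBase64String(parts[2]);
        }
        catch (FormatException) { return (false, false); }
        if (expected.Length == 0) return (false, false); // an empty key would match anything
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, iterations, HashAlgorithmName.SHA256, expected.Length);
        bool ok = CryptographicOperations.FixedTimeEquals(actual, expected);
        // A correct password on a record with a lower count is the moment to re-hash it.
        return (ok, ok && iterations < CurrentIterations);
    }

    public static void Main()
    {
        string a = Hash("correct horse"), b = Hash("correct horse"); // same password, two salts
        Console.WriteLine(a != b);
        Console.WriteLine(Verify(a, "correct horse"));
        Console.WriteLine(Verify(a, "wrong guess"));
        Console.WriteLine(Verify(Hash("correct horse", 1000), "correct horse")); // older record
    }
}
```

Storing the iteration count beside the salt is what lets the work factor be raised later without invalidating existing records.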
Great, so that’s pretty good for an out of the box password hasher from 2014. But for some reason the password hasher contains the following line of code: