03-27-2012, 10:26 PM
A big thank you to @skradel for telling us the formatting used, and @klingsen for the important note on Microsoft .NET version 4 using sha256 as its default.
I presume episerver will, if they haven't got it already, create a guide for their customers on how to improve the default security provided by .NET. After all .NET does have PBKDF2 support, something I really haven't heard any .NET developers understand or use... (raise your hands if you know someone!)
I'll simply challenge @skradel and @klingsen to come up with a blog post or something that
1) documents the different default encryption/hash algorithms available in .NET with default settings
2) Examples of known user/pass/hash/salt (for the obvious purpose of implementing support for it)
3) Provide examples of DOs and DONTs when configuring anything else than default
I guess there are quite a few .NET developers out there that would gain from such information. :-)
I presume episerver will, if they haven't got it already, create a guide for their customers on how to improve the default security provided by .NET. After all .NET does have PBKDF2 support, something I really haven't heard any .NET developers understand or use... (raise your hands if you know someone!)
I'll simply challenge @skradel and @klingsen to come up with a blog post or something that
1) documents the different default encryption/hash algorithms available in .NET with default settings
2) Examples of known user/pass/hash/salt (for the obvious purpose of implementing support for it)
3) Provide examples of DOs and DONTs when configuring anything else than default
I guess there are quite a few .NET developers out there that would gain from such information. :-)