04-04-2012, 11:25 PM
Well, @skradel has made his blog post(s): http://zetetic.net/blog/2012/3/29/strong...spnet.html for those interested, with some timings to go with it: https://gist.github.com/2242252
I'll stand by my feature request for implementing specific support for the default (episerver) .NET format (SHA1), but with .NET 4x it will default to SHA256. After talking to episerver (Thx Steve!), there is every reason to believe that current episerver installations are running with the SHA1 hash/salt default.
Although "upgrading" current installations to utilize SHA256 or better, it will require 1) (simple) code changes in current installations, as well as 2) password resets across all users/accounts in order to bring them over to whatever new format you choose to implement. Easier said than done, episerver will most probably recommend and even implement/deploy better .NET settings for their next major version of episerver.
I'll stand by my feature request for implementing specific support for the default (episerver) .NET format (SHA1), but with .NET 4x it will default to SHA256. After talking to episerver (Thx Steve!), there is every reason to believe that current episerver installations are running with the SHA1 hash/salt default.
Although "upgrading" current installations to utilize SHA256 or better, it will require 1) (simple) code changes in current installations, as well as 2) password resets across all users/accounts in order to bring them over to whatever new format you choose to implement. Easier said than done, episerver will most probably recommend and even implement/deploy better .NET settings for their next major version of episerver.