https://allenyl30.github.io/tags/security/Recent content in Security on Allen's Dev JournalHugo -- gohugo.ioen-usYuhaoMon, 16 Jun 2025 00:00:00 +0000https://allenyl30.github.io/p/a-tour-of-hash-functions-from-md5-to-argon2-and-beyond/Mon, 16 Jun 2025 00:00:00 +0000https://allenyl30.github.io/p/a-tour-of-hash-functions-from-md5-to-argon2-and-beyond/<img src="https://allenyl30.github.io/p/a-tour-of-hash-functions-from-md5-to-argon2-and-beyond/cover.jpg" alt="Featured image of post A Tour of Hash Functions: From MD5 to Argon2 and Beyond" /><p>In a previous article, we explored the topic of salted password hashing. This time, we&rsquo;ll expand on that by taking a broader look at the world of hash functions.</p> <p>Hash functions are crucial tools in computer science and cryptography, essential for tasks like data integrity verification, digital signatures, and secure password storage. There is a wide variety of hash functions, some common and others less so. This article will introduce several of them, highlighting their characteristics and primary use cases.</p> <h3 id="early-hash-functions">Early Hash Functions </h3><p>When we talk about early hash functions, <strong>MD5</strong> and <strong>SHA-1</strong> are the most widely known. (Of course, even earlier ones like MD4 and SHA-0 exist, but they have long fallen out of use). MD5 and SHA-1 were extremely popular in the 1990s and early 2000s, widely used for file integrity checks, digital signatures, and more.</p> <p>Although they were once ubiquitous, they are no longer recommended for security-sensitive applications due to known vulnerabilities. Despite this, they remain popular. For instance, many software download sites still provide MD5 or SHA-1 checksums for users to verify that their downloaded files are complete and untampered with. This highlights a common phenomenon: even when a technology has known flaws—or even severe vulnerabilities—its popularity can ensure its continued use. It’s similar to the JPG image format, which, despite its shortcomings (no transparency, lossy compression, prone to artifacts), remains one of the most used image formats today.</p> <p>So, what are their security issues? In short, both MD5 and SHA-1 are vulnerable to <strong>collision attacks</strong>. A collision occurs when two different inputs produce the same hash value. This means an attacker could potentially create a malicious file with the same hash as a legitimate one, thereby bypassing integrity checks.</p> <p>Consider the file download verification scenario mentioned earlier. A website tells you a file&rsquo;s hash is <code>d41d</code> (using just the first four characters for simplicity). You download the file, compute its hash, and it matches. Normally, you would feel confident that the file is authentic. However, an attacker could craft a malicious file that also produces the hash <code>d41d</code> and trick you into downloading it instead. After verifying the hash, you would mistakenly trust the file and run a virus. This could also be used to forge certificate files, leading to severe consequences.</p> <p>Even so, executing a collision attack is still computationally expensive. This, combined with MD5&rsquo;s widespread adoption and fast computation speed, means it is still used in many non-security-critical scenarios to quickly verify file integrity.</p> <h3 id="the-sha-2-family">The SHA-2 Family </h3><p>Due to the security flaws in MD5 and SHA-1, the <strong>SHA-2</strong> family (including <strong>SHA-256</strong>, <strong>SHA-384</strong>, <strong>SHA-512</strong>, etc.) emerged as the new standard. SHA-2 functions are more complex in design and offer a much higher level of security. They are widely used in digital signatures, certificate authorities (CAs), and other security-critical areas.</p> <p>When using SHA-2 to store user passwords in a database, it is standard practice to add a random <strong>salt</strong>. This prevents <strong>rainbow table attacks</strong>, where an attacker pre-computes the hashes of common passwords and stores them in a lookup table. By adding a unique salt to each password before hashing, the resulting hashes will be different even if two users have the same password, making such attacks infeasible.</p> <p>Here is a C# example of hashing a password with SHA-256 and a salt:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-csharp" data-lang="csharp"><span class="line"><span class="cl"><span class="k">using</span> <span class="nn">System</span><span class="p">;</span> </span></span><span class="line"><span class="cl"><span class="k">using</span> <span class="nn">System.Text</span><span class="p">;</span> </span></span><span class="line"><span class="cl"><span class="k">using</span> <span class="nn">System.Security.Cryptography</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="kd">static</span> <span class="kt">byte</span><span class="p">[]</span> <span class="n">GenerateSalt</span><span class="p">()</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="c1">// The method below will show an obsoletion warning in modern .NET</span> </span></span><span class="line"><span class="cl"> <span class="k">using</span> <span class="p">(</span><span class="kt">var</span> <span class="n">rng</span> <span class="p">=</span> <span class="k">new</span> <span class="n">RNGCryptoServiceProvider</span><span class="p">())</span> </span></span><span class="line"><span class="cl"> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kt">byte</span><span class="p">[]</span> <span class="n">salt</span> <span class="p">=</span> <span class="k">new</span> <span class="kt">byte</span><span class="p">[</span><span class="m">16</span><span class="p">];</span> </span></span><span class="line"><span class="cl"> <span class="n">rng</span><span class="p">.</span><span class="n">GetBytes</span><span class="p">(</span><span class="n">salt</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">salt</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="c1">// You should use the following instead:</span> </span></span><span class="line"><span class="cl"> <span class="c1">// return RandomNumberGenerator.GetBytes(16);</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="kd">static</span> <span class="kt">byte</span><span class="p">[]</span> <span class="n">HashPassword</span><span class="p">(</span><span class="kt">string</span> <span class="n">password</span><span class="p">,</span> <span class="kt">byte</span><span class="p">[]</span> <span class="n">salt</span><span class="p">)</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="k">using</span> <span class="p">(</span><span class="kt">var</span> <span class="n">sha256</span> <span class="p">=</span> <span class="n">SHA256</span><span class="p">.</span><span class="n">Create</span><span class="p">())</span> </span></span><span class="line"><span class="cl"> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kt">byte</span><span class="p">[]</span> <span class="n">passwordBytes</span> <span class="p">=</span> <span class="n">Encoding</span><span class="p">.</span><span class="n">UTF8</span><span class="p">.</span><span class="n">GetBytes</span><span class="p">(</span><span class="n">password</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="kt">byte</span><span class="p">[]</span> <span class="n">saltedPassword</span> <span class="p">=</span> <span class="k">new</span> <span class="kt">byte</span><span class="p">[</span><span class="n">passwordBytes</span><span class="p">.</span><span class="n">Length</span> <span class="p">+</span> <span class="n">salt</span><span class="p">.</span><span class="n">Length</span><span class="p">];</span> </span></span><span class="line"><span class="cl"> <span class="n">Buffer</span><span class="p">.</span><span class="n">BlockCopy</span><span class="p">(</span><span class="n">passwordBytes</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="n">saltedPassword</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="n">passwordBytes</span><span class="p">.</span><span class="n">Length</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="n">Buffer</span><span class="p">.</span><span class="n">BlockCopy</span><span class="p">(</span><span class="n">salt</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="n">saltedPassword</span><span class="p">,</span> <span class="n">passwordBytes</span><span class="p">.</span><span class="n">Length</span><span class="p">,</span> <span class="n">salt</span><span class="p">.</span><span class="n">Length</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">sha256</span><span class="p">.</span><span class="n">ComputeHash</span><span class="p">(</span><span class="n">saltedPassword</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="c1">// Newer .NET versions also provide more convenient static methods, like SHA256.HashData().</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></td></tr></table> </div> </div><p>You would then store both the salted hash and the salt in the database. To verify a password, retrieve the salt from the database, apply it to the user&rsquo;s input, hash it using the same function, and compare it to the stored hash.</p> <p>Don&rsquo;t worry about the salt being exposed. Its purpose is not to be secret but to ensure the uniqueness of each hash, rendering pre-computed tables useless.</p> <h3 id="the-sha-3-family">The SHA-3 Family </h3><p>While SHA-2 resolved the security issues of its predecessors, it is still based on the same Merkle-Damgård construction. Concerned that cryptanalytic techniques could eventually be extended to break the SHA-2 family and with the rise of quantum computing, the U.S. National Institute of Standards and Technology (NIST) released the <strong>SHA-3</strong> standard in 2015.</p> <p>SHA-3 is based on a completely different design philosophy, the <strong>Keccak</strong> algorithm. It not only provides higher security but also offers flexible output lengths (e.g., SHA3-224, SHA3-256, SHA3-384, SHA3-512).</p> <p>However, SHA-3 is not yet widely adopted. It currently serves more as a backup for SHA-2, ready to be deployed if a critical vulnerability is ever found in SHA-2. Furthermore, while it offers excellent security and flexibility, other specialized algorithms are often preferred for specific use cases like password hashing.</p> <h3 id="pbkdf2">PBKDF2 </h3><p>To further increase the difficulty of cracking passwords beyond just adding a salt, we can introduce <strong>iterations</strong>. <strong>PBKDF2</strong> (Password-Based Key Derivation Function 2) is a popular function that does exactly this. It increases the computational work required for a brute-force attack by repeatedly applying a hash function.</p> <p>PBKDF2 takes a password and a salt and runs them through a hash function thousands of times. The more iterations, the more difficult it is to crack. It is commonly used for password storage and key derivation.</p> <p>In C#, you can use the <code>Rfc2898DeriveBytes</code> class to implement it:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span><span class="lnt">8 </span><span class="lnt">9 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-csharp" data-lang="csharp"><span class="line"><span class="cl"><span class="k">using</span> <span class="nn">System</span><span class="p">;</span> </span></span><span class="line"><span class="cl"><span class="k">using</span> <span class="nn">System.Security.Cryptography</span><span class="p">;</span> </span></span><span class="line"><span class="cl"><span class="k">using</span> <span class="nn">System.Text</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="kd">static</span> <span class="kt">byte</span><span class="p">[]</span> <span class="n">HashPasswordWithPBKDF2</span><span class="p">(</span><span class="kt">string</span> <span class="n">password</span><span class="p">,</span> <span class="kt">byte</span><span class="p">[]</span> <span class="n">salt</span><span class="p">,</span> <span class="kt">int</span> <span class="n">iterations</span> <span class="p">=</span> <span class="m">10000</span><span class="p">)</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="k">using</span> <span class="nn">var</span> <span class="n">pbkdf2</span> <span class="p">=</span> <span class="k">new</span> <span class="n">Rfc2898DeriveBytes</span><span class="p">(</span><span class="n">password</span><span class="p">,</span> <span class="n">salt</span><span class="p">,</span> <span class="n">iterations</span><span class="p">,</span> <span class="n">HashAlgorithmName</span><span class="p">.</span><span class="n">SHA256</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">pbkdf2</span><span class="p">.</span><span class="n">GetBytes</span><span class="p">(</span><span class="m">32</span><span class="p">);</span> <span class="c1">// Generate a 32-byte hash</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="bcrypt-and-argon2">bcrypt and Argon2 </h3><p>Unfortunately, even PBKDF2 can be vulnerable to attacks using modern hardware, especially the massive parallel processing power of GPUs. To address this, more advanced password hashing functions like <strong>bcrypt</strong> and <strong>Argon2</strong> were developed.</p> <p><strong>bcrypt</strong> is a password hashing function based on the Blowfish cipher. It is designed to be slow and computationally intensive. A key feature of bcrypt is its adjustable <strong>cost factor</strong>, which controls the hashing time. Unlike simple iterations, the cost factor is exponential—incrementing it by one doubles the computation time. In C#, you can use libraries like <code>BCrypt.Net-Next</code> to implement bcrypt.</p> <p><strong>Argon2</strong> was the winner of the Password Hashing Competition in 2015 and is considered one of the most secure password hashing functions available today. It is highly configurable, allowing you to tune its memory usage, iteration count, and degree of parallelism to provide robust security. Argon2 comes in three variants: <strong>Argon2d</strong>, <strong>Argon2i</strong>, and <strong>Argon2id</strong>, each designed to protect against different types of attacks. In C#, you can use libraries like <code>Konscious.Security.Cryptography.Argon2</code>.</p> <h3 id="blake2">BLAKE2 </h3><p><strong>BLAKE2</strong> is a relatively new hash function (published in 2013) that strikes an excellent balance between speed and security. It was designed to be faster than MD5 and SHA-1 while providing higher security than SHA-2. It is well-suited for file integrity verification and even password hashing.</p> <p>Its high performance comes from leveraging modern CPU SIMD instruction sets (like SSE2/AVX), making it especially efficient on multi-core processors. It comes in two main versions: <strong>BLAKE2b</strong> (for 64-bit platforms, with a variable output up to 64 bytes) and <strong>BLAKE2s</strong> (for 8- to 32-bit platforms, with a variable output up to 32 bytes). It also includes features like a built-in keying mechanism, optional salt, and personalization strings, making it very versatile.</p> <p>In C#, you can use libraries like BouncyCastle to implement BLAKE2:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-csharp" data-lang="csharp"><span class="line"><span class="cl"><span class="k">using</span> <span class="nn">Org.BouncyCastle.Crypto</span><span class="p">;</span> </span></span><span class="line"><span class="cl"><span class="k">using</span> <span class="nn">Org.BouncyCastle.Crypto.Digests</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="kt">var</span> <span class="n">digest</span> <span class="p">=</span> <span class="k">new</span> <span class="n">Blake2bDigest</span><span class="p">(</span><span class="m">512</span><span class="p">);</span> <span class="c1">// Output is 512 bits by default</span> </span></span><span class="line"><span class="cl"><span class="n">digest</span><span class="p">.</span><span class="n">BlockUpdate</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="n">data</span><span class="p">.</span><span class="n">Length</span><span class="p">);</span> </span></span><span class="line"><span class="cl"><span class="kt">var</span> <span class="n">hash</span> <span class="p">=</span> <span class="k">new</span> <span class="kt">byte</span><span class="p">[</span><span class="n">digest</span><span class="p">.</span><span class="n">GetDigestSize</span><span class="p">()];</span> </span></span><span class="line"><span class="cl"><span class="n">digest</span><span class="p">.</span><span class="n">DoFinal</span><span class="p">(</span><span class="n">hash</span><span class="p">,</span> <span class="m">0</span><span class="p">);</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="sm3">SM3 </h3><p>Finally, let&rsquo;s introduce a Chinese national standard hash function: <strong>SM3</strong>. Released by the China State Cryptography Administration in 2010, SM3 is an independently designed hash algorithm that does not rely on foreign standards, which is significant for national and information security.</p> <p>The SM3 algorithm produces a 256-bit hash value and is comparable to SHA-256 in terms of security and efficiency. It is designed to be resistant to collision and preimage attacks and is seeing increasing adoption in China, especially in the finance, government, and defense sectors.</p> <h3 id="summary">Summary </h3><p>The world of hash functions is diverse, with each function having its own strengths. From the early MD5 and SHA-1 to the modern SHA-2, SHA-3, PBKDF2, bcrypt, Argon2, BLAKE2, and SM3, every algorithm was designed with a specific purpose in mind.</p> <p>Here’s a quick guide for common needs:</p> <ul> <li><strong>Data Integrity Verification:</strong> MD5, SHA-1 (for non-critical uses), SHA-2, BLAKE2</li> <li><strong>Password Storage:</strong> PBKDF2, bcrypt, Argon2</li> <li><strong>Digital Signatures:</strong> SHA-2, SHA-3</li> </ul>https://allenyl30.github.io/p/why-you-must-salt-and-hash-passwords-a-journey-to-secure-storage/Thu, 05 Jun 2025 00:00:00 +0000https://allenyl30.github.io/p/why-you-must-salt-and-hash-passwords-a-journey-to-secure-storage/<img src="https://allenyl30.github.io/p/why-you-must-salt-and-hash-passwords-a-journey-to-secure-storage/cover.jpg" alt="Featured image of post Why You Must Salt and Hash Passwords: A Journey to Secure Storage" /><p>The topic of salting and hashing passwords is a fundamental concept in security, but why is it so crucial? This article will guide you through the evolution of password storage, from insecure to secure, to demonstrate the necessity of salted hashing and how to implement it.</p> <p>We&rsquo;ve all heard that passwords should never be stored in plaintext. Instead, they should be hashed, and more specifically, salted and hashed. What is the purpose and necessity of this process? And how can we achieve it in C#? Let&rsquo;s explore these questions by progressing from the least secure to the most secure methods.</p> <h3 id="1-plaintext-storage">1. Plaintext Storage </h3><p>Let&rsquo;s start with the most insecure approach imaginable: storing the password as is.</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-csharp" data-lang="csharp"><span class="line"><span class="cl"><span class="k">class</span> <span class="nc">User</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kt">int</span> <span class="n">Id</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Auto-incrementing primary key</span> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kt">string</span> <span class="n">Username</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kt">string</span> <span class="n">Password</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Plaintext password</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></td></tr></table> </div> </div><p>When we create a new user, the database stores the literal password.</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-csharp" data-lang="csharp"><span class="line"><span class="cl"><span class="kt">var</span> <span class="n">user</span> <span class="p">=</span> <span class="k">new</span> <span class="n">User</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="n">Username</span> <span class="p">=</span> <span class="s">&#34;admin&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">Password</span> <span class="p">=</span> <span class="s">&#34;123456&#34;</span> </span></span><span class="line"><span class="cl"><span class="p">};</span> </span></span></code></pre></td></tr></table> </div> </div><p>This is incredibly dangerous for several reasons:</p> <ul> <li><strong>If the database is local</strong> (e.g., SQLite), anyone who gains access to the database file or decompiles the application to find the connection string can see every user&rsquo;s password.</li> <li><strong>If the database is remote</strong>, attackers have numerous ways to access the data, including SQL injection, leaked SSH keys, exposed database backups, or other server vulnerabilities.</li> </ul> <p>A plaintext password leak is catastrophic. It not only exposes private user information but also enables attackers to perform <strong>credential stuffing</strong> (using the leaked credentials to try and log into other websites). Therefore, storing passwords in plaintext must be avoided under all circumstances.</p> <h3 id="2-simple-hashing-md5--sha1">2. Simple Hashing (MD5 / SHA1) </h3><p>Let&rsquo;s upgrade our code to store a hash of the password using an algorithm like MD5 or SHA1.</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-csharp" data-lang="csharp"><span class="line"><span class="cl"><span class="k">class</span> <span class="nc">User</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kt">int</span> <span class="n">Id</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kt">string</span> <span class="n">Username</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kt">string</span> <span class="n">PasswordHash</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// The password hash</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></td></tr></table> </div> </div><p>We can create a helper class to handle hashing and verification:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-csharp" data-lang="csharp"><span class="line"><span class="cl"><span class="k">class</span> <span class="nc">PasswordHelper</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">string</span> <span class="n">HashPassword</span><span class="p">(</span><span class="kt">string</span> <span class="n">password</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="k">using</span> <span class="nn">var</span> <span class="n">md5</span> <span class="p">=</span> <span class="n">MD5</span><span class="p">.</span><span class="n">Create</span><span class="p">();</span> </span></span><span class="line"><span class="cl"> <span class="kt">var</span> <span class="n">hash</span> <span class="p">=</span> <span class="n">md5</span><span class="p">.</span><span class="n">ComputeHash</span><span class="p">(</span><span class="n">Encoding</span><span class="p">.</span><span class="n">UTF8</span><span class="p">.</span><span class="n">GetBytes</span><span class="p">(</span><span class="n">password</span><span class="p">));</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">Convert</span><span class="p">.</span><span class="n">ToBase64String</span><span class="p">(</span><span class="n">hash</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">bool</span> <span class="n">VerifyPassword</span><span class="p">(</span><span class="kt">string</span> <span class="n">password</span><span class="p">,</span> <span class="kt">string</span> <span class="n">passwordHash</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">HashPassword</span><span class="p">(</span><span class="n">password</span><span class="p">)</span> <span class="p">==</span> <span class="n">passwordHash</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></td></tr></table> </div> </div><p>In this method, we hash the password with MD5 and store it as a Base64 string. To verify, we simply hash the user&rsquo;s input and compare it to the stored hash.</p> <blockquote> <p><strong>Info:</strong> Why Base64? Storing the hash as a Base64 string makes it human-readable in the database, unlike a binary BLOB. String-based columns are also often easier and more efficient to index. Many modern hashing algorithms produce string-based outputs by default.</p> </blockquote> <p>A stored password hash might look like this: <code>ISMvKXpXpadDiUoOSoAfww==</code></p> <p>This looks much safer than plaintext. Unfortunately, to an attacker, it&rsquo;s only marginally better. This is because of <strong>rainbow table attacks</strong>. A rainbow table is a massive precomputed lookup table containing the hashes of common passwords. An attacker can compare the hashes in your database against their rainbow table to quickly find the original password.</p> <p>For instance, the hash above corresponds to the plaintext &ldquo;admin&rdquo;. An attacker with a rainbow table could crack this password instantly. Don&rsquo;t underestimate these tables; they can contain billions of entries. Unless your password is very complex, it&rsquo;s likely vulnerable.</p> <p>Furthermore, algorithms like <strong>MD5 and SHA1 are broken</strong>. They are susceptible to <strong>collisions</strong>, where two different inputs produce the same hash value. An attacker might not find your original password, but if they find another string (e.g., &ldquo;qwerty&rdquo;) that produces the same hash, they can use that to log in, as the server only compares the hash values.</p> <h3 id="3-hashing-with-a-salt-sha256">3. Hashing with a Salt (SHA256) </h3><p>To counter these attacks, we need to upgrade our algorithm and introduce a <strong>salt</strong>. We&rsquo;ll use SHA256 (part of the secure SHA-2 family) and a unique, random salt for each user.</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-csharp" data-lang="csharp"><span class="line"><span class="cl"><span class="k">class</span> <span class="nc">User</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kt">int</span> <span class="n">Id</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kt">string</span> <span class="n">Username</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kt">string</span> <span class="n">PasswordHash</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kt">string</span> <span class="n">Salt</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// The salt</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></td></tr></table> </div> </div><p>Now, we update our <code>PasswordHelper</code>:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-csharp" data-lang="csharp"><span class="line"><span class="cl"><span class="k">class</span> <span class="nc">PasswordHelper</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">string</span> <span class="n">HashPassword</span><span class="p">(</span><span class="kt">string</span> <span class="n">password</span><span class="p">,</span> <span class="kt">byte</span><span class="p">[]</span> <span class="n">salt</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kt">var</span> <span class="n">passwordBytes</span> <span class="p">=</span> <span class="n">Encoding</span><span class="p">.</span><span class="n">UTF8</span><span class="p">.</span><span class="n">GetBytes</span><span class="p">(</span><span class="n">password</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="c1">// Combine password and salt</span> </span></span><span class="line"><span class="cl"> <span class="kt">var</span> <span class="n">combinedBytes</span> <span class="p">=</span> <span class="k">new</span> <span class="kt">byte</span><span class="p">[</span><span class="n">passwordBytes</span><span class="p">.</span><span class="n">Length</span> <span class="p">+</span> <span class="n">salt</span><span class="p">.</span><span class="n">Length</span><span class="p">];</span> </span></span><span class="line"><span class="cl"> <span class="n">Buffer</span><span class="p">.</span><span class="n">BlockCopy</span><span class="p">(</span><span class="n">passwordBytes</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="n">combinedBytes</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="n">passwordBytes</span><span class="p">.</span><span class="n">Length</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="n">Buffer</span><span class="p">.</span><span class="n">BlockCopy</span><span class="p">(</span><span class="n">salt</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="n">combinedBytes</span><span class="p">,</span> <span class="n">passwordBytes</span><span class="p">.</span><span class="n">Length</span><span class="p">,</span> <span class="n">salt</span><span class="p">.</span><span class="n">Length</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="kt">var</span> <span class="n">hash</span> <span class="p">=</span> <span class="n">SHA256</span><span class="p">.</span><span class="n">HashData</span><span class="p">(</span><span class="n">combinedBytes</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">Convert</span><span class="p">.</span><span class="n">ToBase64String</span><span class="p">(</span><span class="n">hash</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">bool</span> <span class="n">VerifyPassword</span><span class="p">(</span><span class="kt">string</span> <span class="n">password</span><span class="p">,</span> <span class="kt">string</span> <span class="n">passwordHash</span><span class="p">,</span> <span class="kt">byte</span><span class="p">[]</span> <span class="n">salt</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">HashPassword</span><span class="p">(</span><span class="n">password</span><span class="p">,</span> <span class="n">salt</span><span class="p">)</span> <span class="p">==</span> <span class="n">passwordHash</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">byte</span><span class="p">[]</span> <span class="n">GenerateSalt</span><span class="p">()</span> </span></span><span class="line"><span class="cl"> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="c1">// A 16-byte (128-bit) salt is generally sufficient</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">RandomNumberGenerator</span><span class="p">.</span><span class="n">GetBytes</span><span class="p">(</span><span class="m">16</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></td></tr></table> </div> </div><blockquote> <p><strong>Tip:</strong> Modern versions of .NET provide convenient static methods like <code>SHA256.HashData</code> and <code>RandomNumberGenerator.GetBytes</code>, removing the need to create instances. In the past, you might have seen <code>RNGCryptoServiceProvider</code>, which is now considered obsolete.</p> </blockquote> <p>By combining the password with a unique salt before hashing, every resulting hash is unique, even if two users have the same password. This renders rainbow tables useless.</p> <p>The salt must be stored in the database alongside the hash. During verification, you retrieve the user&rsquo;s salt and hash, apply the same salt to the entered password, and compare the results. Now, even if an attacker gets your database, they can&rsquo;t use precomputed tables to crack passwords.</p> <h3 id="4-using-a-key-derivation-function-pbkdf2">4. Using a Key Derivation Function (PBKDF2) </h3><p>Salting with SHA256 is quite secure, but we can do better. An attacker who has your database can still attempt a <strong>brute-force attack</strong> against each individual password. They can&rsquo;t use a rainbow table, but they can take one user&rsquo;s hash and salt and rapidly try millions of password combinations.</p> <p>To combat this, our next step is to make the hashing process intentionally slow. We can achieve this with a <strong>Password-Based Key Derivation Function (PBKDF2)</strong>. C# provides an implementation in the <code>Rfc2898DeriveBytes</code> class.</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-csharp" data-lang="csharp"><span class="line"><span class="cl"><span class="k">class</span> <span class="nc">PasswordHelper</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">string</span> <span class="n">HashPassword</span><span class="p">(</span><span class="kt">string</span> <span class="n">password</span><span class="p">,</span> <span class="kt">byte</span><span class="p">[]</span> <span class="n">salt</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="c1">// PBKDF2 with 10,000 iterations and SHA256</span> </span></span><span class="line"><span class="cl"> <span class="k">using</span> <span class="nn">var</span> <span class="n">pbkdf2</span> <span class="p">=</span> <span class="k">new</span> <span class="n">Rfc2898DeriveBytes</span><span class="p">(</span><span class="n">password</span><span class="p">,</span> <span class="n">salt</span><span class="p">,</span> <span class="m">10000</span><span class="p">,</span> <span class="n">HashAlgorithmName</span><span class="p">.</span><span class="n">SHA256</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="c1">// Get a 32-byte (256-bit) hash</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">Convert</span><span class="p">.</span><span class="n">ToBase64String</span><span class="p">(</span><span class="n">pbkdf2</span><span class="p">.</span><span class="n">GetBytes</span><span class="p">(</span><span class="m">32</span><span class="p">));</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="c1">// Other methods remain the same</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></td></tr></table> </div> </div><blockquote> <p><strong>Info:</strong> <code>Rfc2898</code> is the standard that specifies PBKDF2. You must specify a hash algorithm in the constructor, as the overload without it is now obsolete.</p> </blockquote> <p>PBKDF2 introduces an <strong>iteration count</strong>. This forces the algorithm to repeat the hashing process thousands of times. The higher the count, the slower the computation, and the more difficult it is for an attacker to brute-force the password. A count of 10,000 is a reasonable starting point today, but this number should increase over time as computing power grows. This drastically increases the cost for an attacker to crack even a single password.</p> <h3 id="5-the-gold-standard-bcrypt-and-argon2">5. The Gold Standard: BCrypt and Argon2 </h3><p>Unfortunately, the arms race continues. Attackers can use specialized hardware like GPUs or FPGAs to accelerate the calculations for algorithms like PBKDF2. This brings us to our heavy hitters: <strong>BCrypt</strong> and <strong>Argon2</strong>. These algorithms are designed to be &ldquo;memory-hard,&rdquo; making them resistant to GPU-based attacks.</p> <p>Let&rsquo;s look at <strong>BCrypt</strong>. Since it&rsquo;s not in the .NET standard library, we can use a popular third-party library like <code>BCrypt.Net-Next</code>.</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-csharp" data-lang="csharp"><span class="line"><span class="cl"><span class="k">class</span> <span class="nc">PasswordHelper</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">string</span> <span class="n">HashPassword</span><span class="p">(</span><span class="kt">string</span> <span class="n">password</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="c1">// The work factor (12) controls the complexity</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">BCrypt</span><span class="p">.</span><span class="n">Net</span><span class="p">.</span><span class="n">BCrypt</span><span class="p">.</span><span class="n">HashPassword</span><span class="p">(</span><span class="n">password</span><span class="p">,</span> <span class="m">12</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">bool</span> <span class="n">VerifyPassword</span><span class="p">(</span><span class="kt">string</span> <span class="n">password</span><span class="p">,</span> <span class="kt">string</span> <span class="n">passwordHash</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="k">return</span> <span class="n">BCrypt</span><span class="p">.</span><span class="n">Net</span><span class="p">.</span><span class="n">BCrypt</span><span class="p">.</span><span class="n">Verify</span><span class="p">(</span><span class="n">password</span><span class="p">,</span> <span class="n">passwordHash</span><span class="p">);</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></td></tr></table> </div> </div><p>Notice that our <code>User</code> class no longer needs a <code>Salt</code> property. BCrypt generates a salt internally and includes it in the final hash string.</p> <p>A BCrypt hash looks like this: <code>$2a$12$lraBT1/lH3RiFXjQbywREutDElnBFaolPOEsDAvo1sjK2iRjwCAUi</code></p> <p>This string contains everything needed for verification: the algorithm identifier (<code>$2a$</code>), the work factor (<code>12</code>), the salt, and the hash. You only need to store this single string in your database.</p> <blockquote> <p><strong>Info:</strong> The <strong>work factor</strong> is a power of 2 that controls the computational cost (e.g., a work factor of 12 means 2¹² = 4096 rounds). The higher the factor, the slower the hashing. A value between 10 and 12 is common today.</p> </blockquote> <p>But what if an attacker is still determined to use their powerful hardware? This is where we bring out our ultimate weapon: <strong>Argon2</strong>.</p> <p>Like BCrypt, Argon2 requires a third-party library, such as <code>Konscious.Security.Cryptography</code>. The implementation details are similar to BCrypt—it also produces a self-contained hash string. However, Argon2 is considered even more secure. It was the winner of the Password Hashing Competition (2013-2015) and is designed to be highly resistant to brute-force attacks by being tunable across three dimensions:</p> <ul> <li><strong>Time cost:</strong> How many iterations to run (CPU-intensive).</li> <li><strong>Memory cost:</strong> How much memory to use (memory-hard).</li> <li><strong>Parallelism:</strong> How many threads to use.</li> </ul> <p>Argon2 comes in three variants:</p> <ul> <li><strong>Argon2d:</strong> Maximizes resistance to GPU cracking attacks.</li> <li><strong>Argon2i:</strong> Optimized to resist side-channel attacks.</li> <li><strong>Argon2id:</strong> A hybrid version that provides resistance to both side-channel and GPU attacks. It is the recommended choice for general-purpose password hashing.</li> </ul> <p>With a robust algorithm like Argon2, you can be confident that passwords are protected against even the most determined attackers using current technology.</p> <h3 id="conclusion">Conclusion </h3><p>In this article, we journeyed from the dangerously insecure practice of storing plaintext passwords to the modern, robust standards of password hashing. We saw how simple hashing is vulnerable to rainbow tables, how old algorithms are broken by collisions, and how salting defeats precomputation attacks. We then explored how key derivation functions like PBKDF2 and memory-hard functions like BCrypt and Argon2 raise the cost of brute-force attacks.</p> <p>In practice, your choice of algorithm depends on your security requirements.</p> <ul> <li>For a small, low-risk project, <strong>SHA256 with a strong, unique salt</strong> is a decent baseline that is easy to implement.</li> <li>For any application where security is a priority, <strong>BCrypt</strong> or, even better, <strong>Argon2</strong> should be your go-to choice. They represent the current best practice for securing user passwords.</li> </ul>