Password management
Message
From
27/05/2013 23:11:50

General information
Forum: ASP.NET
Category: Other

Environment versions
Environment: VB 9.0
OS: Windows 7
Network: Windows 2003 Server
Database: MS SQL Server
Application: Web

Miscellaneous
Thread ID: 01574811
Message ID: 01574893
Views: 36

>You shouldn't really be storing the password itself (or even the encrypted password), but rather a hash of the password. And ideally another field for the salt. So if you used something like SHA1 you'd need a field that could store 160 bits (SHA1 is fixed size, regardless of the input string). I'd probably use something like a GUID for the salt (each user record gets its own unique salt), then store HASH(Salt + Password) in the database. Now the user can enter any length password they like and your code will still work.
>
>As far as password policies go, I usually just use whatever password KeePass automatically generates; it appears it's a 20 character string with upper/lower case, numbers, and special characters. Or if it's a password I really need to remember I tend to use pass phrases with odd case changes and/or alt. characters.

Thanks
Michel Fournier
Level Extreme Inc.
Designer, architect, owner of the Level Extreme Platform
Subscribe to the site at https://www.levelextreme.com/Home/DataEntry?Activator=55&NoStore=303
Subscription benefits https://www.levelextreme.com/Home/ViewPage?Activator=7&ID=52
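
The storage scheme quoted above, sketched in VB.NET as an added example that is not code from this thread: `HashAsDescribed` is the HASH(Salt + Password) layout with a per-user GUID salt and a fixed 160-bit result, and `HashStretched` keeps the same two columns but swaps the single SHA-1 pass for PBKDF2 (`Rfc2898DeriveBytes`), since one fast hash is cheap to guess against if the table leaks. The module and function names, the iteration count, the `BINARY(16)`/`BINARY(20)` column sizes and the sample passwords are assumptions made for the example.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module PasswordStorageExample
    Const HashBytes As Integer = 20       ' 160 bits: fits a BINARY(20) column (assumed schema)
    Const Iterations As Integer = 100000  ' assumed work factor; tune for your hardware

    ' The scheme as described in the post: SHA1(salt + password), always 20 bytes.
    Function HashAsDescribed(ByVal salt As Byte(), ByVal password As String) As Byte()
        Dim pw As Byte() = Encoding.UTF8.GetBytes(password)
        Dim buf(salt.Length + pw.Length - 1) As Byte
        Buffer.BlockCopy(salt, 0, buf, 0, salt.Length)
        Buffer.BlockCopy(pw, 0, buf, salt.Length, pw.Length)
        Using sha As SHA1 = SHA1.Create()
            Return sha.ComputeHash(buf)
        End Using
    End Function

    ' Same columns, slower hash: PBKDF2 with HMAC-SHA1, also a 20-byte result.
    Function HashStretched(ByVal salt As Byte(), ByVal password As String) As Byte()
        Dim kdf As New Rfc2898DeriveBytes(password, salt, Iterations)
        Return kdf.GetBytes(HashBytes)
    End Function

    ' Compare stored and computed hashes without stopping at the first differing byte.
    Function FixedTimeEquals(ByVal a As Byte(), ByVal b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    Sub Main()
        ' One salt per user record, stored beside the hash (16 bytes, BINARY(16) assumed).
        Dim salt As Byte() = Guid.NewGuid().ToByteArray()
        ' Constructed sample passwords, not real credentials.
        Dim stored As Byte() = HashStretched(salt, "correct horse battery staple")
        Console.WriteLine("1-char password   -> {0} bytes", HashAsDescribed(salt, "a").Length)
        Console.WriteLine("500-char password -> {0} bytes", HashAsDescribed(salt, New String("x"c, 500)).Length)
        Console.WriteLine("right password accepted: {0}", _
            FixedTimeEquals(stored, HashStretched(salt, "correct horse battery staple")))
        Console.WriteLine("wrong password accepted: {0}", _
            FixedTimeEquals(stored, HashStretched(salt, "Correct horse battery staple")))
    End Sub
End Module
```

At login, read the user's salt and hash from the row, recompute with the submitted password, and compare with `FixedTimeEquals`; the password itself is never stored or logged.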