Menu
Currently it seems default is set to PasswordHasherCompatibilityMode.IdentityV2 which is HMAC-SHA1 in ASP.NET 5. I tried to create a instance of PasswordHasherOptions to add to services (DI) but could not get it to work.
V3 uses PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations.
I hope this would be as easy as some configuration setting in future rather than having to implement custom implementation since all the code is already there.
Update:
services.Configure<PasswordHasherOptions>(options => options.CompatibilityMode = PasswordHasherCompatibilityMode.IdentityV3);
584
ASP.NET Core Identity and password hashing When a user registers with the app, they provide a username and password (and any other required information). The app will create a hash of the password, and store it in the database along with the user's details.
ASP.NET Identity is Microsoft's user management library for ASP.NET. It includes functionality such as password hashing, password validation, user storage, and claims management. It usually also comes with some basic authentication, bringing its own cookies and multi-factor authentication to the party.
The default shouldn't be V2, the default is the newer format, as you can see in https://github.com/aspnet/Identity/blob/dev/src/Microsoft.AspNetCore.Identity/PasswordHasherOptions.cs
/// <remarks>
/// The default compatibility mode is 'ASP.NET Identity version 3'.
/// </remarks>
public PasswordHasherCompatibilityMode CompatibilityMode { get; set; } =
PasswordHasherCompatibilityMode.IdentityV3;
If the first byte of the hashed password is 0x01 then it's a version 3 hash.
If you're seeing 0x00 then either it's configured elsewhere in your code, or there's a bug, in which case please log it on GitHub.
138
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
