DotNet-302-Core
  • Introduction
  • 1 - Intro and Setup
    • 1.0: Overview
    • 1.1: Setting Up Dev Environment
    • 1.2: Introduction to CLI
    • 1.3: API Project Creation
    • 1.4: Overview of API Project Files
    • 1.5: Adding Other Projects and References
  • 2 - Add Users and Authentication
    • 2.0: Add User Entity and DbContext
    • 2.1: Add Migration and Database
    • 2.2: Salting and Hashing Passwords
    • 2.3: Adding Auth Service
    • 2.4: Registering Auth Service
    • 2.5: Add DTO and AuthController
    • 2.6: Add Register Functionality
    • 2.7: Validating User Submitted Data
    • 2.8: Token Authentication
    • 2.9: Adding Login Functionality
    • 2.10: Testing Login and Authentication
  • 3 - Client-side Login and Register
    • 3.0: Enable CORS
    • 3.1: Angular Layout
    • 3.2: Client-side Login
    • 3.3: NavBar Login Toggle
    • 3.4: Add Register and Home Components
    • 3.5: Add Register Functionality
    • 3.6: Improving Authentication
  • 4 - Improving the User Model
    • 4.0: Extending User Entity
    • 4.1: Run Migration
    • 4.2: Generating Seed Data
    • 4.3: Seeding the Database
    • 4.4: Adding User DTOs
    • 4.5: Adding Extension Method
    • 4.6: Adding User Service
    • 4.7: Adding Users Controller
  • 5 - Displaying Users on the Client
    • 5.0: Adding Components and Routing
    • 5.1: Dropdown Functionality
    • 5.2: Adding Router Guards
    • 5.3: Updating Interfaces
    • 5.4: Retrieving Users from the Database
    • 5.5: Add Member Cards
    • 5.6: Styling Member Cards
    • 5.7: Member Profile
    • 5.8: Adding Route Resolvers
    • 5.9: Layout and Styling Member Profiles
    • 5.10: Adding Photo Gallery
  • 6 - Handling Errors
    • 6.0: Handling Errors in the API
    • 6.1: Handling Errors in Angular
    • 6.2: Adding Alertify
    • 6.3: Using Alertify in Components
  • 7 - Editing Profiles and Uploading Photos
    • 7.0: Member Edit Component
    • 7.1: Profile Template
    • 7.2: Add CanDeactivate Guard
    • 7.3: Persisting Profile Changes
    • 7.4: Hosting Photos on Cloudinary
    • 7.5: Adding PhotoService
    • 7.6: Adding PhotosController
    • 7.7: Adding Photo Upload in Angular
    • 7.8: Setting Main Photo in the API
    • 7.9: Setting Main Photo in Angular
    • 7.10: Displaying Profile Photo in the NavBar
    • 7.11: Updating Profile Photo in NavBar
    • 7.12: Deleting Photos
  • 8 - Pagination, Sorting, and Filtering
    • 8.0: TimeAgo Pipe
    • 8.1: Adding an Action Filter to the API
    • 8.2: Paging in the API
    • 8.3: Paging in the Angular Project
    • 8.4: Filtering in the API
    • 8.5: Filtering in the Angular Project
    • 8.6: Sorting Users
  • 9 - Following Users
    • 9.0: Adding the Follow Entity
    • 9.1: Follow a User in API
    • 9.2: Retrieve Followees in API
    • 9.3: Following Functionality in Angular
    • 9.4: Displaying Followers in Followers Component
  • 10 - Messaging
    • 10.0: Adding Message Entity
    • 10.1: Add Service Method and DTOs
    • 10.2: Add Messages Controller
    • 10.3: Add Inbox and Outbox Service Methods
    • 10.4: Getting Message Threads/Conversations
    • 10.5: Building the Message Component in Angular
    • 10.6: Inbox / Outbox Template
    • 10.7: Adding Conversations to MemberDetailComponent
    • 10.8: Sending Messages
    • 10.9: Deleting Messages
    • 10.10: Marking Messages as Read
  • 11 - Appendix
    • 11.0: Wrap-up
    • 11.1: Configuring for Deployment
    • 11.2: Deploying to Azure
    • 11.3: References and Resources
  • Eleven Fifty Style Guide
Powered by GitBook
On this page
  • Hashing
  • Salting
  1. 2 - Add Users and Authentication

2.2: Salting and Hashing Passwords

Previous2.1: Add Migration and DatabaseNext2.3: Adding Auth Service

Last updated 7 years ago

Right now, if we add users to our database - their password information will be saved in plain text. This is a big security vulnerability. In this module we'll learn how to protect sensitive information in our databases.

Hashing

We'll start by hashing passwords entered into the database.

This will encrypt the string using an algorithm (SHA 512 in this case) into a series of hexadecimals.

password

becomes:

b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86

Looks good, right? Now our password is protected!

The problem is - while a human would have a difficult time decoding his - for a computer it is trivial.

and paste in the above hash and click decrypt.

Whoops. That isn't so safe after all.

Another problem is that all passwords that are the same will also share the same hash in our database. A hacker could use a "" of common password hashes.

Salting

To futher protect our passwords, we can add a "salt" before the password is hashed. The salt is randomly generated based on a protected "key."

Now, when the password is hashed with a random salt - the password will result in a different series of bytes each time.

Go to this site
rainbow table