5 comments on “Using BCrypt in a .NET Application – Why it’s better than SHA or MD5.

  1. Many thanks for your blog. So that I am clear, you only save the hashed password to your database, and not the salt too? When the user logins again, you retrieve the hashed password and run the CheckPassword method?

    • Hi there. When you are using BCrypt, the salt is automatically appended to the hash and saved as a single value.

      You can safely save this to a single column in your database and the salt will be there, and BCrypt will know where to look for it because it uses a delimeter to separate the hash from the salt.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s