Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Tom Brian Stegmann 25 posts 140 karma points
    Nov 19, 2021 @ 07:55
    Tom Brian Stegmann
    1

    Password Encryption - Umbraco 8

    Hi there!

    Just a quick question here:

    Which methods of encryption are used for the passwords stored in the database regarding (1) Members, and (2) Umbraco Users?

    We're talking Umbraco 8.12.1 here - thank you in advance! :)

    Best regards, Tom

  • Corné Hoskam 80 posts 587 karma points MVP 3x c-trib
    Nov 19, 2021 @ 08:12
    Corné Hoskam
    100

    Hi Tom,

    By default the current latest hashing algorithm used is PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations. This is provided by the Microsoft.AspNetCore.Identity namespace! đŸ˜„

    For more information you can check out the following link to the source code: https://github.com/umbraco/Umbraco-CMS/blob/5bfab13dc5a268714aad2426a2b68ab5561a6407/src/Umbraco.Infrastructure/Security/UmbracoPasswordHasher.cs#L62

    Kind regards,

    Corné

  • Tom Brian Stegmann 25 posts 140 karma points
    Nov 19, 2021 @ 08:23
    Tom Brian Stegmann
    1

    Hi Corné,

    Excellent - thank you for the quick reply. đŸ™‚

    Does that method apply to both Members and Umbraco Users (Umbraco 8)?

    Best, Tom

  • Corné Hoskam 80 posts 587 karma points MVP 3x c-trib
    Nov 19, 2021 @ 08:26
    Corné Hoskam
    1

    Hi Tom,

    That is correct! It is both used by the MemberRepository class that's responsible for hashing the Member passwords when generating a new password, as by the BackOfficeUserStore responsible for the Backoffice users! đŸ™‚

    Kind regards,

    Corné

  • Tom Brian Stegmann 25 posts 140 karma points
    Nov 19, 2021 @ 08:37
    Tom Brian Stegmann
    1

    Thank you for the added clarification, Corné - have a great day! :)

    Best, Tom

Please Sign in or register to post replies

Write your reply to:

Draft