By default the current latest hashing algorithm used is PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations. This is provided by the Microsoft.AspNetCore.Identity namespace! đŸ˜„
That is correct! It is both used by the MemberRepository class that's responsible for hashing the Member passwords when generating a new password, as by the BackOfficeUserStore responsible for the Backoffice users! đŸ™‚
Password Encryption - Umbraco 8
Hi there!
Just a quick question here:
Which methods of encryption are used for the passwords stored in the database regarding (1) Members, and (2) Umbraco Users?
We're talking Umbraco 8.12.1 here - thank you in advance! :)
Best regards, Tom
Hi Tom,
By default the current latest hashing algorithm used is PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations. This is provided by the Microsoft.AspNetCore.Identity namespace! đŸ˜„
For more information you can check out the following link to the source code: https://github.com/umbraco/Umbraco-CMS/blob/5bfab13dc5a268714aad2426a2b68ab5561a6407/src/Umbraco.Infrastructure/Security/UmbracoPasswordHasher.cs#L62
Kind regards,
Corné
Hi Corné,
Excellent - thank you for the quick reply. đŸ™‚
Does that method apply to both Members and Umbraco Users (Umbraco 8)?
Best, Tom
Hi Tom,
That is correct! It is both used by the MemberRepository class that's responsible for hashing the Member passwords when generating a new password, as by the BackOfficeUserStore responsible for the Backoffice users! đŸ™‚
Kind regards,
Corné
Thank you for the added clarification, Corné - have a great day! :)
Best, Tom
is working on a reply...