Storing a SHA512 Password Hash in Database?

SHA512 outputs 512 bits, or 64 bytes. You can store those 64 bytes in a binary column, if you so wished If you want to handle the hash outside your application is more comfortable to store a Base64 string, as you are doing now. Base64 adds roughly a 33% of constant overhead, so you can expect the string to be always 88 chars That said, ASP.NET has a fairly comprehensive authentication system builtin, which you should use.

SHA512 outputs 512 bits, or 64 bytes. You can store those 64 bytes in a binary column, if you so wished. If you want to handle the hash outside your application is more comfortable to store a Base64 string, as you are doing now.

Base64 adds roughly a 33% of constant overhead, so you can expect the string to be always 88 chars. That said, ASP. NET has a fairly comprehensive authentication system builtin, which you should use.

A byte array in . NET maps directly to BINARY (or VARBINARY) in T-SQL – RickNZ Dec 1 '09 at 23:27 Thanks @RickNZ - much appreciated. – Chris Dec 2 '09 at 6:40 Thanks @Vinko for all of the clarification - I like to own the security model and understand exactly what is going where and know that I can port the usability of the passwords away from ASP.NET at any time - I've been bitten there before.

Maybe misguided, certainly not that I'm a control freak or anything ;) – Chris Dec 2 '09 at 6:44.

Have a look at link text/ if you want to use asp. Net membership. It has very open table structure, so it might be easier to integrate with your current database.

You should not be coding that stuff yourself. Have a look at msdn.microsoft.com/en-us/library/ms99831... or google sql membership provider.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.