You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 14, 2017. It is now read-only.
Tom Cryns edited this page Sep 14, 2015
·
10 revisions
MembershipReboot stores passwords hashed. More specifically it uses the PBKDF2 hashing algorithm provided by the Rfc2898DeriveBytes in .NET.
The hashing iteration count defaults to the OWASP recommended value and is determined dynamically (since it's based upon the year). This means this value must be stored per-account, so different users might have a different values.
If desired, the iteration count can be set explicitly either on the SecuritySettings.PasswordHashingIterationCount property on in the config file: