HOME DOCUMENTATION DOWNLOADS

OrigamUser - how is password hashed

Can you please tell me how are passwords hashed in OrigamUsers table?

We’re using implementation by Brock Allen using PBKDF2 with HMAC-SHA1, 128-bit salt, 256-bit subkey.

Article describing general motivation: How MembershipReboot stores passwords properly | brockallen

Implementation: https://github.com/origam/origam-source/blob/master/Origam.Security.Common/BrockAllen.IdentityReboot/System.Web.Helpers.Crypto.cs