I previously wrote a post on password security based on Jeff Atwood's post explaining "Rainbow tables". As it turns out, Jeff received feedback from cryptographer Thomas Ptacek pointing out some corrections to the strategy offered in the original post. The most important idea was using a cryptographically secure hash, meaning a hash that is expensive in processor time, unlike the common MD5. One alternative is the Bcrypt algorithm, which has a C# implementation from Derek Slager. (thanks...
Jeff Atwood wrote an interesting post on using "Rainbow tables", which are pre-calculated hashes of a range of possible strings, used to brute-force crack a password database. One of the better methods for stopping someone who has your encrypted password from deducing the unencrypted version is "salting" your passwords before storing them, meaning you concatenate your password string with a long constant string before encoding it, thus making a brute force attack impossible. (unless someone manages...
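The two ideas from both posts, a salt that defeats precomputed tables and a deliberately slow hash, can be seen side by side in the following added example. It is not code from either post nor Derek Slager's Bcrypt port: it uses Python's standard-library PBKDF2-HMAC-SHA256 as a stand-in for bcrypt, a per-user random salt rather than a single constant, a simplified hash-to-password lookup table standing in for a real rainbow table, and a constructed four-word candidate list; the iteration count is an assumed work factor.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed candidate list. It plays the role of the precomputed table an
# attacker would bring; a real rainbow table covers a far larger keyspace.
CANDIDATE_PASSWORDS: List[str] = ["password", "letmein", "hunter2", "qwerty"]

# Assumed work factor for the slow hash; tune for your own hardware.
PBKDF2_ITERATIONS = 100_000


def md5_hex(password: str) -> str:
    """Plain, unsalted MD5: the fast hash the posts warn against."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_precomputed_table(candidates: List[str]) -> Dict[str, str]:
    """Precompute hash -> password once. Because nothing per-user enters the
    hash, the same table works against every unsalted MD5 password database."""
    return {md5_hex(p): p for p in candidates}


def lookup_precomputed(stored_hex: str, table: Dict[str, str]) -> Optional[str]:
    """Recover a password from a stored hex digest with one dictionary lookup."""
    return table.get(stored_hex)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, deliberately expensive hash (PBKDF2-HMAC-SHA256 standing in for
    bcrypt). The 16-byte random salt is stored next to the digest so it can be
    reused at verification time; it does not need to be secret."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the digest with the stored salt and iteration count and compare
    in constant time, so timing does not leak how many bytes matched."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash format: {algo}")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def demo() -> Tuple[Optional[str], Optional[str], bool, bool]:
    """Returns (unsalted lookup hit, salted lookup hit, good login, bad login)."""
    table = build_precomputed_table(CANDIDATE_PASSWORDS)

    # Unsalted MD5: the precomputed table cracks the stored value instantly.
    unsalted_hit = lookup_precomputed(md5_hex("hunter2"), table)

    # Salted slow hash of the very same password: the digest depends on a salt
    # the table builder never saw, so no precomputed entry can match it, and
    # each guess now costs PBKDF2_ITERATIONS rounds instead of one MD5 call.
    stored = hash_password("hunter2")
    salted_hit = lookup_precomputed(stored.split("$")[-1], table)

    return (unsalted_hit, salted_hit,
            verify_password("hunter2", stored), verify_password("hunter3", stored))


if __name__ == "__main__":
    print(demo())  # ('hunter2', None, True, False)
```

Two design choices worth noting: the salt is random per user rather than one site-wide constant, so two users with the same password get different stored values and one precomputed table cannot be amortised across the whole database; and the iteration count is stored with the hash, so the work factor can be raised later without invalidating existing records.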