less than 1 minute read

If you are using a hash to hide the value of a password then it is a good idea to throw in a salt so that two people with the same password will have different values stored. It also increases the amount of work necessary to perform a dictionary attack on the passwords.

In the Security Briefs article in MSDN Magazine August 2003, Keith Brown provides a SaltedHash class that does the job nicely to save you few minutes writing it yourself.

The only change I made was to substitute SHA1CryptoServiceProvider with SHA1Managed to avoid leaving managed code (SHA1CryptoServiceProvider is implemented using CAPI).

Updated: