A Secure Password Hashing Implementation for PCLs
Almost all software has to deal with some kind of user/identity management, whether it is a desktop application, which usually should integrate with the identity and authentication concepts of the operating system and/or business environment, or a cloud-based/mobile application or web service that needs to be able to control access on its own behalf.
The issue will become even more important in the near future, because the number of mobile users is growing at a high rate, and at the same time we can read almost every day about stolen passwords and hacked websites. Also, the activities of intelligence services around the world don’t really make one feel more secure…
So, with mobile application development and cross-platform compatibility in mind, I fired up my favorite search engine and looked for a password hashing implementation that met the following requirements:
- PCL-compatible
- Easy to use
- And, of course, as cryptographically secure as possible
To my surprise, I found nothing that met all the above requirements and was usable out of the box. What I did find were various different components that had to be re-combined into a new class (called PasswordHash).