This short article explains how to change the default hashing method to one of your choice. By default, the downloaded project uses MD5 hashing, and it is strongly recommended to change this to something safer. Here are the steps to do this:
- The web.config appSettings section has a key called hasher. The blog engine uses this key to identify the type of hashing used to store passwords. This value has to be modified to change the hashing mechanism.
- In order to change this, first you need to create a new hasher that implements the IHasher interface.
- A sample can be found in the sBlog.Net.Domain project, under the Hashers folder.
- Now, create a new class file, say ShaHasher, within the same folder. Implement the IHasher interface, which has a single method, HashString.
- Implement your hashing method within the HashString stub.
- Finally, open your web.config and change the value of the "hasher" key to the fully qualified type name of the new hasher you created.
- That's it. Any password-related activity will now use the new hashing method.
- PasswordHelper - This class decides how a password is hashed. You can also modify it to customize hashing further to your needs.
Note that you CANNOT change the hasher once you have started using the blog by completing the initial setup and creating the admin user (and possibly other authors).
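
The steps above, sketched as an added example (this is not code from the sBlog.Net project). The namespace, the `HashString(string)` signature, and the format of the web.config value are assumptions; check them against the sample hasher in the Hashers folder before use.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Assumed namespace, inferred from the project name and the Hashers folder.
namespace sBlog.Net.Domain.Hashers
{
    // Assumed shape of the project's interface, declared here only so the
    // example compiles stand-alone. Inside the project, delete this
    // declaration and use the existing IHasher.
    public interface IHasher
    {
        string HashString(string srcString);
    }

    // Replacement hasher: SHA-256 over the UTF-8 bytes of the input,
    // returned as lowercase hex. The same input always yields the same output.
    public class ShaHasher : IHasher
    {
        public string HashString(string srcString)
        {
            if (srcString == null)
                throw new ArgumentNullException("srcString");

            using (SHA256 sha = SHA256.Create())
            {
                byte[] digest = sha.ComputeHash(Encoding.UTF8.GetBytes(srcString));

                var hex = new StringBuilder(digest.Length * 2);
                foreach (byte b in digest)
                    hex.Append(b.ToString("x2"));

                return hex.ToString();
            }
        }
    }
}

// web.config, appSettings section (assumed value format: the fully
// qualified type name of the class above):
//   <add key="hasher" value="sBlog.Net.Domain.Hashers.ShaHasher" />
```

A single SHA-256 pass is still fast to brute-force, so treat this as the minimum step up from MD5. Whether a salt is applied depends on PasswordHelper, which this example does not touch.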