I want to give a satisfactory level of security to my system. In my searches I found several functions that create hashs for passwords, but of all of them, what I saw the most recommended were PBKDF2 and BCrypt.
Home
In all searches however, what I saw most was: "If misused, a hash is useless!".
So here's the question, what is the correct way to create a hash using BCrypt, for example?
Follow my code as it currently is:
public static string HashGeneration(string password)
{
// Configurations
int workfactor = 10; // 2 ^ (10) = 1024 iterations.
string salt = BCrypt.Net.BCrypt.GenerateSalt(workfactor);
string hash = BCrypt.Net.BCrypt.HashPassword(password, salt);
return hash;
}
public static bool PasswordCompare(string hash, string password)
{
return BCrypt.Net.BCrypt.Verify(password, hash);
}