How to Hash Passwords

Commerce Server 2007
For the latest version of Commerce Server 2007 Help, see the Microsoft Web site.

Hashing passwords is a way of taking a variable-length password and creating a cryptic, fixed-length password from it. You do this by generating and using a salt value. A salt value is a random value that you use to generate the hashed password.

This topic shows how to generate salt values and hash passwords. These functions are referenced in the topic How to Validate Passwords.

To hash a password

  1. Create a new function called GenerateSaltValue that returns a salt value.

  2. Type code that generates random values based on UTF-16 encoding and the system time.

  3. Create a new function called HashPassword that hashes a password by using the salt value.

  4. Type code that hashes the password, puts it into an array of bytes, and returns the salt value plus the hashed password.
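
The following C# sketch of the two functions is an added example, not the Commerce Server sample code. It swaps in the operating system's cryptographic random number generator for the system-time seed of step 2, because a time-seeded salt is predictable, and uses PBKDF2 as the hash, which the page does not name. The class name, the `Matches` helper, the `$` separator, the sizes and the iteration count are assumptions, and the four-argument `Rfc2898DeriveBytes` constructor requires .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class PasswordHashing // hypothetical class name
{
    const int SaltBytes = 16, HashBytes = 32;
    const int Iterations = 600000; // assumed work factor; tune for your hardware

    // Salt from the OS CSPRNG (swapped in for the system-time seed of step 2).
    public static string GenerateSaltValue()
    {
        byte[] salt = new byte[SaltBytes];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        return Convert.ToBase64String(salt);
    }

    // Returns "<salt>$<hash>": the salt value plus the hashed password.
    public static string HashPassword(string clearData, string saltValue)
    {
        if (clearData == null) throw new ArgumentNullException("clearData");
        if (string.IsNullOrEmpty(saltValue)) saltValue = GenerateSaltValue();
        byte[] salt = Convert.FromBase64String(saltValue);
        byte[] password = Encoding.Unicode.GetBytes(clearData); // UTF-16 bytes
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return saltValue + "$" + Convert.ToBase64String(kdf.GetBytes(HashBytes));
    }

    // Hypothetical helper: re-hash with the stored salt, compare without early exit.
    public static bool Matches(string candidate, string stored)
    {
        int split = stored.IndexOf('$');
        if (split < 0) return false; // not in the "<salt>$<hash>" form
        byte[] a = Encoding.ASCII.GetBytes(HashPassword(candidate, stored.Substring(0, split)));
        byte[] b = Encoding.ASCII.GetBytes(stored);
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Constructed sample password; a null salt makes HashPassword generate one.
        string stored = HashPassword("correct horse battery staple", null);
        Console.WriteLine(stored);
        Console.WriteLine(Matches("correct horse battery staple", stored));
        Console.WriteLine(Matches("wrong guess", stored));
    }
}
```

Store only the returned string. Because the salt is part of it, each account gets a different value even when two users choose the same password.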