Topics: Core
Aug 5, 2014 at 8:04 AM
Edited Aug 5, 2014 at 8:04 AM
Hello I am wondering how far Orchard goes regarding this article:

As I heared it uses ASP.NEt Identity:

is this true?

Thank you in advance for a answer related to the advices in the nakedsecurity article.
Aug 5, 2014 at 9:45 AM
Orchard stores passwords hashed and salted, which is a widely used practice concerned reasonably safe. But:
Aug 6, 2014 at 6:56 AM
Thank you!
Aug 7, 2014 at 12:02 PM
Edited Aug 7, 2014 at 12:33 PM
I read nearly the entire article. Unfortunatley your answer does not provide any details about what algorithm is used. The article talks for example about PBKDF2.

haha. Nice Quote in the end of the article:
"There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.
This does indeed appear to be the case and unfortunately SHA is now firmly in the former category."