Hello. Good time
I use bcrypt to encrypt passwords in .NET MVC (C#).
In sign-up, I use the following code:
string salt = BCrypt.Net.BCrypt.GenerateSalt(12);
string hashedPassword = BCrypt.Net.BCrypt.HashPassword(enteredPassword, salt);
At this point, the hashedPassword is stored in the database.
The question I have at this stage is whether the salt needs to be stored in the database?
I also use the following code in the login:
// hashedPassword is read from the database
bool verify = BCrypt.Net.BCrypt.Verify(password, hashedPassword, false, hashType: HashType.SHA512);
if (verify)
{
}
else
{
}
The next question is whether the verification was done correctly? Should I not use salt at this stage?
I did not use salt in the login.
And the last question is whether it is correct to use hashType: HashType.SHA512 and enhancedEntropy: false in the verify function? Are these settings the best settings?
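Added illustration, not part of the original post: a bcrypt hash string has the layout `$version$cost$` followed by a 22-character salt and a 31-character digest, so the value stored at sign-up already carries the salt and the cost passed to GenerateSalt(12). The parser below uses only the .NET base library; the class name `BcryptFormat`, the method `TryParse` and the sample string are assumptions constructed for this example.

```csharp
using System;
using System.Text.RegularExpressions;

public static class BcryptFormat
{
    // $<version>$<2-digit cost>$<22-char salt><31-char digest>, bcrypt base64 alphabet
    private static readonly Regex Layout = new Regex(
        @"\A\$(2[abxy]?)\$([0-9]{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z",
        RegexOptions.CultureInvariant);

    // Splits a stored bcrypt string into its embedded fields.
    // Returns false when the value is not a well-formed bcrypt hash.
    public static bool TryParse(string stored, out string version, out int cost, out string salt)
    {
        version = null; cost = 0; salt = null;
        Match m = Layout.Match(stored ?? string.Empty);
        if (!m.Success) return false;

        int parsedCost = int.Parse(m.Groups[2].Value);
        if (parsedCost < 4 || parsedCost > 31) return false; // bcrypt's valid cost range

        version = m.Groups[1].Value;
        cost = parsedCost;
        salt = m.Groups[3].Value;
        return true;
    }

    public static void Main()
    {
        // Constructed sample with the right shape; it is not the hash of any real password.
        string stored = "$2a$12$" + "Kq8vR1mZx0pL3nYt5bWc7e" + "dF2gH4jJ6kM8nP0rS1tU3vW5xY7zA9b";

        if (TryParse(stored, out string version, out int cost, out string salt))
        {
            Console.WriteLine("version=" + version + " cost=" + cost + " salt=" + salt);
            // A cost below the one used at sign-up (12 in the post) marks a hash to re-create at next login.
            Console.WriteLine("below sign-up cost: " + (cost < 12));
        }

        // A database column holding anything else is rejected rather than verified.
        Console.WriteLine(TryParse("not-a-bcrypt-hash", out _, out _, out _));
    }
}
```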