Encrypting and Hashing User Passwords
Both of the default Membership providers included in the ASP.NET Framework enable you to store user passwords in three ways:
• Clear: Passwords are stored in clear text.
• Encrypted: Passwords are encrypted before they are stored.
• Hashed: Passwords are not stored. Only the hash values of passwords are stored. (This is the default value.)
You configure how passwords are stored by setting the passwordFormat attribute in the web configuration file. For example, the web configuration file in Listing 27.18 configures the SqlMembershipProvider to store passwords in plain text.
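The setting described above, shown as an added example (this is not the book's Listing 27.18): a web configuration file that registers two SqlMembershipProvider entries, one using the Clear format and one using the default Hashed format, with the hashed one selected. The provider names are hypothetical, and LocalSqlServer is assumed to be the connection string name in use.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Forms" />

    <!-- defaultProvider decides which entry the Membership API uses.
         Provider names below are hypothetical. -->
    <membership defaultProvider="HashedProvider">
      <providers>

        <!-- Weak: every password is stored readable in the membership
             database, so anyone who can read that database (or a
             backup of it) reads the passwords. -->
        <add name="ClearProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="LocalSqlServer"
             passwordFormat="Clear" />

        <!-- Default and preferred: only a hash of each password is
             stored. A hashed password cannot be recovered, so
             enablePasswordRetrieval must stay false; users reset
             a forgotten password instead of retrieving it. -->
        <add name="HashedProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="LocalSqlServer"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true" />

        <!-- passwordFormat="Encrypted" is the third option. It is
             reversible by anyone holding the decryption key, and it
             requires an explicit (not auto-generated) machineKey. -->

      </providers>
    </membership>
  </system.web>
</configuration>
```

Changing passwordFormat affects only passwords stored after the change; existing rows keep the format they were written with, so accounts created under Clear stay readable until their passwords are changed.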
The default ...