Q: Hash and salt passwords in C#

D: I was just going through one of DavidHayden's articles on Hashing User Passwords. Really I can't get what he is trying to achieve.

Test Case #8


File ID: #2138588-4-cc


   public static bool CompareByteArrays(byte[] array1, byte[] array2)
{
    if (array1.Length ! = array2.Length)
    {
        return false;
    }
    for (int i = 0; i < array1.Length; i + +)
    {
        if (array1[i] ! = array2[i])
        {
            return false;
        }
    }
    return true;
}

  1. +1 for your book pimping! ;-)
  2. Nifty LINQ statement refactor for CompareByteArrays `return array1.Length == array2.Length && !array1.Where((t, i) => t != array2[i]).Any();`
  3. Technically, yes, but having a _**unique**_ salt for each user renders Rainbow Tables (generally accepted as the most efficient way to crack hashed passwords) practically useless. [This is a quick oveview](http://crackstation.net/hashing-security.htm) gives a in-depth but not overwhelming overview of how to store passwords securely, and why/how it all works.

Comments Quality
Accurate?:
Precise?:
Concise?:
Useful?: