This is not a PBDKF2 VS SHAXX. its more into understanding why so much people saying “Just use pbkdf2 and dont build something SHAXX.
SO, i have look up in the intrent for more then a day to try to find something of PBKDF2 to see how it works and i was a bit scared about what i found.
In this Site – (http://pastebin.com/nenPj1aM) you can find a class that i found over online that suppose to create a PBKDf2 Password. BUT wait, take a look inside.
Do i see what i think i see ? it is generating password right, but in order to check if password is OK he simpley cut in “:” and gets the salt?
Is that OK?? i was not sure. if someone can explain how this works and if its the way to do that… ?
BTW, how can it send me a true about validatepassword is the hash is changeing every time? how does this work?
Thanks a lot, i really need to find a way to hash password because i am working a project from work and i am already late about it :(.
BTW another question, why not just use SHA256 with a simple salt?