Open
Description
Hello,
At my company, we have extremely strict supply chain security requirements. Using a non-Microsoft 3rd party library is unacceptable for our use case. Maintaining our own password hashing implementation would be unwise.
ASP.NET has supported only PBKDF2 for as far as I can remember, and it is long ovedue to have a more appropriate, modern, and secure password hashing implementation. In an ideal world this would be maintained within the codebase alongside it, and would ideally be something like Argon2id.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment