Fixing Insecure Cryptographic Storage in ASP.NET

Note: This post is part of our series on “How to Fix Insecure Cryptographic Storage”. The series contains examples of how to implement secure cryptography in various programming languages.

As seen below, the following code protects sensitive values such as passwords in ASP.NET by hashing them with SHA-512:

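using System.Security.Cryptography;
using System.Text;

protected string MySHA512()
{
    // Encode as UTF-8 so the digest does not depend on the server's default code page.
    byte[] sha512Bytes = Encoding.UTF8.GetBytes("PasswordToBeEncrypted");
    using (SHA512 sha512 = SHA512.Create())
    {
        byte[] cryString = sha512.ComputeHash(sha512Bytes);
        // "X2" pads every byte to two hex digits; plain "X" drops leading zeros,
        // which yields variable-length, ambiguous digests.
        StringBuilder sha512Str = new StringBuilder(cryString.Length * 2);
        for (int i = 0; i < cryString.Length; i++)
        {
            sha512Str.Append(cryString[i].ToString("X2"));
        }
        return sha512Str.ToString();
    }
}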