Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I like this idea for sites that e.g. use Microsoft ASP.NET Membership where all you can do is set a machineKey attribute about what kind of password hashing to use, and don't support any "old hash vs. new hash" alternatives for changing. Anyone know of an implementation that would do this and "drop in" to an existing ASP.NET site? Or pointers to how to approach developing this?


Don't use ASP.NET membership? I can't get over how much effort they put into MVC ASP.NET and they still carry that cludgy mess around.


Sometimes you have to deal with what you are given.


That's fair, my snark doesn't help with that, as I was in that same position about a year ago and opted to just leave it and pretend it wasn't there.

I'm sure there is a way to improve it, but I don't know how, sorry!




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: