Mar 30, 2012 at 4:04 AM

Is the crypto class a work in progress? There seem so be quite a few unused properties and methods?

Is the current implementation fully secure?


Mar 30, 2012 at 8:37 AM

No, the class is released as part of ASP.NET MVC3 RTM source code used in Simple Membership Provider from the WebMatrix Data namespace. So it may have few additional properties and functions which are not used here currently, like token generation etc. You are free to remove unused parts or implement them as needed. The current hash password implementation should be fully secure.