Password - Salt - Hash algorithms
It would be interesting to see how the CRM can be used to store the salt and how the SHA-based hashing fits in seamlessly. I will give bullet points here; more can be found online, or I will expand when I get time.
As we all know, Contacts can be used to log in to a third-party portal, whether built with ASP web pages or an MVC architecture using Angular, as opposed to CRM Portals.
I would follow the below approach:
Create a custom field called "SecretPhase" within contacts.
Generate the random number/salt with RNGCryptoServiceProvider available in System.Security.Cryptography.
Once the user has chosen a password that satisfies the password requirements, I would derive the hash with Rfc2898DeriveBytes (PBKDF2, which uses HMAC-SHA1 by default) and return a byte[] with the code below:
using (Rfc2898DeriveBytes sha1hash = new Rfc2898DeriveBytes(UserTypedPasswordClearText, RandomSalt))
{
    // PBKDF2 iteration count; note that 2 is far below current guidance (tens of thousands or more)
    sha1hash.IterationCount = 2;
    // Number of derived bytes to keep as the stored hash
    return sha1hash.GetBytes(HashBytesCouldBeAnyINT);
}
Now the hash is generated at runtime and will be stored in the "SecretPhase" clear text field in CRM.
When the user logs back in after registration, the user will type the user name and the password. This cleartext password and the stored salt are sent through the same derivation again to produce a new hash, and the new hash is compared against the one stored in the CRM in SecretPhase. If they match, access is given to the portal and CRM area; if not, access is denied.
Note: the salt and hash can be stored either in the same place or separately in different entities. If you are using a Dynamics 365 Cloud instance, I would store them in the same entity, keeping security in view.
Comments
We use this exact method. We had a portal which previously worked off of clear text, so we created two new fields, Salt and Hash. When the user logged in for the first time, we salted and hashed the password and saved it to the customer entity. In our case I implemented the salt-and-hash function inside a workflow object so our customer support people would be able to reset passwords.
I would suggest not using SHA1 though, as it has been cracked now, and SHA256
using System;
using System.Security.Cryptography;
using System.Text;

public static class PasswordHasher
{
    // Hashes salt || password with the supplied algorithm (e.g. SHA256.Create())
    public static string ComputeHash(string input, HashAlgorithm algorithm, Byte[] salt)
    {
        Byte[] inputBytes = Encoding.UTF8.GetBytes(input);
        // Combine salt and input bytes
        Byte[] saltedInput = new Byte[salt.Length + inputBytes.Length];
        salt.CopyTo(saltedInput, 0);
        inputBytes.CopyTo(saltedInput, salt.Length);
        Byte[] hashedBytes = algorithm.ComputeHash(saltedInput);
        // Hex string with '-' separators, as produced by BitConverter
        return BitConverter.ToString(hashedBytes);
    }
}
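The full registration and login flow from the post, using PBKDF2 with HMAC-SHA256 as the commenter suggests instead of the SHA1 default, as an added example that is not code from the original post or the comment. It assumes .NET 6 or later; the field names, the iteration count and the demo password are placeholders chosen for illustration.

```csharp
using System;
using System.Security.Cryptography;

// Added example, not from the original post. Assumes .NET 6 or later.
// "Salt" and "SecretPhase" stand in for the CRM contact fields the post describes.
public static class PortalPasswordHelper
{
    const int SaltBytes = 16;
    const int HashBytes = 32;
    // Placeholder; far above the post's 2. Tune so a derivation takes ~100 ms on your server.
    const int Iterations = 100_000;

    // Registration: returns the Base64 salt and hash to write to the contact record.
    public static (string Salt, string Hash) Register(string clearTextPassword)
    {
        // .NET 6+; on older frameworks use RNGCryptoServiceProvider.GetBytes as the post does
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = Derive(clearTextPassword, salt);
        return (Convert.ToBase64String(salt), Convert.ToBase64String(hash));
    }

    // Login: recompute with the stored salt and compare in constant time,
    // so the comparison leaks nothing about how many leading bytes matched.
    public static bool Verify(string clearTextPassword, string storedSalt, string storedHash)
    {
        byte[] salt = Convert.FromBase64String(storedSalt);
        byte[] expected = Convert.FromBase64String(storedHash);
        byte[] actual = Derive(clearTextPassword, salt);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    // PBKDF2 (Rfc2898DeriveBytes) with HMAC-SHA256 instead of the HMAC-SHA1 default.
    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
        {
            return kdf.GetBytes(HashBytes);
        }
    }

    public static void Main()
    {
        // Demo password is a placeholder value
        var (salt, hash) = Register("Correct-Horse-Battery");
        Console.WriteLine(Verify("Correct-Horse-Battery", salt, hash));
        Console.WriteLine(Verify("wrong-password", salt, hash));
    }
}
```

Both the salt and the hash must be written back to the contact at registration, since Verify needs the original salt to reproduce the hash.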