== How to fix it in .NET

=== Code examples

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,csharp,diff-id=1,diff-type=noncompliant]
----
using System.Security.Cryptography;

public static void hash(string password)
{
    var salt = Encoding.UTF8.GetBytes("salty");
    var hashed = new Rfc2898DeriveBytes(password, salt); // Noncompliant
}
----

==== Compliant solution

[source,csharp,diff-id=1,diff-type=compliant]
----
using System.Security.Cryptography;

public static void hash(string password)
{
    var hashed = new Rfc2898DeriveBytes(password, 16);
}
----

=== How does this work?

include::../../common/fix/salt.adoc[]

include::../../common/fix/auto-salt.adoc[]