Storing password
-
Hi everybody What is the best method for storing passwords in SQL database through C# ?
Best Regards, Reza Shojaee
-
Hi everybody What is the best method for storing passwords in SQL database through C# ?
Best Regards, Reza Shojaee
-
How can create MD5 hash in C#?
Best Regards, Reza Shojaee
-
Hi everybody What is the best method for storing passwords in SQL database through C# ?
Best Regards, Reza Shojaee
Rather than storing the password, store a hash of it. Encrypt and "salt" the password before modifying it to get the hash. Store this hash. Then, when the user enters their password, create the hash from it and compare it to the hash you have stored in the database. Doing it this way will prevent somebody who gains access to your database from learning any of the passwords, but still gives you the ability to use passwords to secure data and transactions.
-
How can create MD5 hash in C#?
Best Regards, Reza Shojaee
Use Google.
-
You shouldn't use MD5 for new applications - it is officially "broken". Use SHA-512 instead, as it is currently ok until the SHA-1024 spec is released in 2012.
You should never use standby on an elephant. It always crashes when you lift the ears. - Mark Wallace C/C++ (I dont see a huge difference between them, and the 'benefits' of C++ are questionable, who needs inheritance when you have copy and paste) - fat_boy
-
Hi everybody What is the best method for storing passwords in SQL database through C# ?
Best Regards, Reza Shojaee
-
How can create MD5 hash in C#?
Best Regards, Reza Shojaee
Don't use MD5 - it is officially "broken". Use SHA instead. Attached the class I use for SHA handling:
using System;
using System.Text;
using System.Security.Cryptography;
using System.Runtime.InteropServices;
using System.Security;
using System.IO;namespace UtilityControls
{
/// <summary>
/// Supports SHA2 hash processing
/// NOTE: SHA3 is under developemnt and the specification is due in 2012
/// </summary>
public class SHA2Hash
{
#region Fields
private byte[] _SHA2Data;
/// <summary>
/// Bits in an SHA2 hash
/// </summary>
public const int SHA2Bits = 512;
/// <summary>
/// Bytes in an SHA2 hash
/// </summary>
public const int SHA2Bytes = SHA2Bits / 8;
/// <summary>
/// Size of SHA2Hash string
/// </summary>
public const int Length = SHA2Bytes * 2; // As in SHA2 as a string...
#endregion#region Properties /// <summary> /// Returns the SHA2 hash as a string /// </summary> public string SHA2data { get { StringBuilder sb = new StringBuilder(Length); foreach (byte b in \_SHA2Data) { sb.Append(b.ToString("x2")); } return sb.ToString(); } } #endregion #region Constructors /// <summary> /// Constructs an SHA2 hash from a stream /// </summary> /// <param name="s">stream, data to construct SHA2 from</param> public SHA2Hash(Stream s) { SHA512 shaM = new SHA512Managed(); \_SHA2Data = shaM.ComputeHash(s); } /// <summary> /// Constructs an SHA2 hash from a SecureString /// </summary> /// <param name="ss">SecureString, data to construct SHA2 from</param> public SHA2Hash(SecureString ss) { SHA512 shaM = new SHA512Managed(); if (ss != null) { IntPtr ptr = Marshal.SecureStringToBSTR(ss); byte\[\] bs = Encoding.UTF8.GetBytes(Marshal.PtrToStringAuto(ptr)); \_SHA2Data = shaM.ComputeHash(bs); Marshal.ZeroFreeBSTR(ptr); -
Don't use MD5 - it is officially "broken". Use SHA instead. Attached the class I use for SHA handling:
using System;
using System.Text;
using System.Security.Cryptography;
using System.Runtime.InteropServices;
using System.Security;
using System.IO;namespace UtilityControls
{
/// <summary>
/// Supports SHA2 hash processing
/// NOTE: SHA3 is under developemnt and the specification is due in 2012
/// </summary>
public class SHA2Hash
{
#region Fields
private byte[] _SHA2Data;
/// <summary>
/// Bits in an SHA2 hash
/// </summary>
public const int SHA2Bits = 512;
/// <summary>
/// Bytes in an SHA2 hash
/// </summary>
public const int SHA2Bytes = SHA2Bits / 8;
/// <summary>
/// Size of SHA2Hash string
/// </summary>
public const int Length = SHA2Bytes * 2; // As in SHA2 as a string...
#endregion#region Properties /// <summary> /// Returns the SHA2 hash as a string /// </summary> public string SHA2data { get { StringBuilder sb = new StringBuilder(Length); foreach (byte b in \_SHA2Data) { sb.Append(b.ToString("x2")); } return sb.ToString(); } } #endregion #region Constructors /// <summary> /// Constructs an SHA2 hash from a stream /// </summary> /// <param name="s">stream, data to construct SHA2 from</param> public SHA2Hash(Stream s) { SHA512 shaM = new SHA512Managed(); \_SHA2Data = shaM.ComputeHash(s); } /// <summary> /// Constructs an SHA2 hash from a SecureString /// </summary> /// <param name="ss">SecureString, data to construct SHA2 from</param> public SHA2Hash(SecureString ss) { SHA512 shaM = new SHA512Managed(); if (ss != null) { IntPtr ptr = Marshal.SecureStringToBSTR(ss); byte\[\] bs = Encoding.UTF8.GetBytes(Marshal.PtrToStringAuto(ptr)); \_SHA2Data = shaM.ComputeHash(bs); Marshal.ZeroFreeBSTR(ptr);FYI, looks like you encoded your ending PRE tag. And you may want to specify a lang attribute on that PRE tag (though I'm sure the code will not be looked at... probably just copy/pasted... so perhaps that's a moot point).
-
Don't use MD5 - it is officially "broken". Use SHA instead. Attached the class I use for SHA handling:
using System;
using System.Text;
using System.Security.Cryptography;
using System.Runtime.InteropServices;
using System.Security;
using System.IO;namespace UtilityControls
{
/// <summary>
/// Supports SHA2 hash processing
/// NOTE: SHA3 is under developemnt and the specification is due in 2012
/// </summary>
public class SHA2Hash
{
#region Fields
private byte[] _SHA2Data;
/// <summary>
/// Bits in an SHA2 hash
/// </summary>
public const int SHA2Bits = 512;
/// <summary>
/// Bytes in an SHA2 hash
/// </summary>
public const int SHA2Bytes = SHA2Bits / 8;
/// <summary>
/// Size of SHA2Hash string
/// </summary>
public const int Length = SHA2Bytes * 2; // As in SHA2 as a string...
#endregion#region Properties /// <summary> /// Returns the SHA2 hash as a string /// </summary> public string SHA2data { get { StringBuilder sb = new StringBuilder(Length); foreach (byte b in \_SHA2Data) { sb.Append(b.ToString("x2")); } return sb.ToString(); } } #endregion #region Constructors /// <summary> /// Constructs an SHA2 hash from a stream /// </summary> /// <param name="s">stream, data to construct SHA2 from</param> public SHA2Hash(Stream s) { SHA512 shaM = new SHA512Managed(); \_SHA2Data = shaM.ComputeHash(s); } /// <summary> /// Constructs an SHA2 hash from a SecureString /// </summary> /// <param name="ss">SecureString, data to construct SHA2 from</param> public SHA2Hash(SecureString ss) { SHA512 shaM = new SHA512Managed(); if (ss != null) { IntPtr ptr = Marshal.SecureStringToBSTR(ss); byte\[\] bs = Encoding.UTF8.GetBytes(Marshal.PtrToStringAuto(ptr)); \_SHA2Data = shaM.ComputeHash(bs); Marshal.ZeroFreeBSTR(ptr); -
Hi please check this link http://msdn.microsoft.com/en-us/library/system.security.cryptography.md5.aspx thanks
-
Hi everybody What is the best method for storing passwords in SQL database through C# ?
Best Regards, Reza Shojaee
-
Don't use MD5 - it is officially "broken". Use SHA instead. Attached the class I use for SHA handling:
using System;
using System.Text;
using System.Security.Cryptography;
using System.Runtime.InteropServices;
using System.Security;
using System.IO;namespace UtilityControls
{
/// <summary>
/// Supports SHA2 hash processing
/// NOTE: SHA3 is under developemnt and the specification is due in 2012
/// </summary>
public class SHA2Hash
{
#region Fields
private byte[] _SHA2Data;
/// <summary>
/// Bits in an SHA2 hash
/// </summary>
public const int SHA2Bits = 512;
/// <summary>
/// Bytes in an SHA2 hash
/// </summary>
public const int SHA2Bytes = SHA2Bits / 8;
/// <summary>
/// Size of SHA2Hash string
/// </summary>
public const int Length = SHA2Bytes * 2; // As in SHA2 as a string...
#endregion#region Properties /// <summary> /// Returns the SHA2 hash as a string /// </summary> public string SHA2data { get { StringBuilder sb = new StringBuilder(Length); foreach (byte b in \_SHA2Data) { sb.Append(b.ToString("x2")); } return sb.ToString(); } } #endregion #region Constructors /// <summary> /// Constructs an SHA2 hash from a stream /// </summary> /// <param name="s">stream, data to construct SHA2 from</param> public SHA2Hash(Stream s) { SHA512 shaM = new SHA512Managed(); \_SHA2Data = shaM.ComputeHash(s); } /// <summary> /// Constructs an SHA2 hash from a SecureString /// </summary> /// <param name="ss">SecureString, data to construct SHA2 from</param> public SHA2Hash(SecureString ss) { SHA512 shaM = new SHA512Managed(); if (ss != null) { IntPtr ptr = Marshal.SecureStringToBSTR(ss); byte\[\] bs = Encoding.UTF8.GetBytes(Marshal.PtrToStringAuto(ptr)); \_SHA2Data = shaM.ComputeHash(bs); Marshal.ZeroFreeBSTR(ptr);
