Encryption/Decryption
-
Hi, I want to encrypt a password and store the encrypted version in the database. Then, when the user logs in, I want to decrypt the user password and match it with the entered password. I read about DESCryptoServiceProvider, but I am still not able to understand it. Can someone send a link to an article which is easy to understand, or provide a piece of code here? It would be great for me. Thanks
-
Hi,

If you want to store a password in a database, I suggest you use a 'One-Way Hash' algorithm. These are un-reversible encryption algorithms, hence the name one-way. Then you follow these steps to authenticate your users:

1. User Registers, Username and Hashed Password are stored in DB.
2. User types in Username and Password. P = password
3. The Software encrypts the User's Password with a One-Way Hash. P1 = Hash(P)
4. The Software queries the database and finds the password of the user (Storing Hashed in the database). P2 = database_pass
5. If the Hashed Pass in the DB and Hashed Pass the user typed in Match, Allow Login. If P1 == P2 then Login else Fail (remember P1 = Hash(P))

Try this code to generate a one-way hash of a password.

-------------------------------------------------------------------------------
// Namespaces needed at the top of the file
using System;
using System.Security.Cryptography;
using System.Text;

private Byte[] GetByteArray( String originalString )
{
    Char[] charArray = originalString.ToCharArray();
    Byte[] byteArray = new Byte[charArray.Length];
    // Narrowing cast keeps only the low byte of each char,
    // so this is lossless only for characters below U+0100
    for ( int i=0; i<charArray.Length; i++ )
        byteArray[i] = (Byte)charArray[i];
    return byteArray;
}

/// <summary>
/// Creates a one-way SHA1 hash of the pt string
/// </summary>
/// <param name="pt">Plaintext to Hash</param>
/// <returns>Ciphertext string</returns>
public string Hash(string pt)
{
    // Implement SHA1 Hashing Algorithm (20 Bytes / 160 bits)
    // UTF-8 encode the password so that any character can be hashed
    byte[] data = Encoding.UTF8.GetBytes(pt);
    using (SHA1 sha = new SHA1CryptoServiceProvider())
    {
        byte[] hash = sha.ComputeHash(data);
        // Base64 text form of the 20-byte digest, for storage in the DB
        return Convert.ToBase64String(hash);
    }
}
-------------------------------------------------------------------------------

Thanx!

Dave Shaw

History admires the wise, but elevates the brave. - Edmund Morris
-
Thanks a lot :)