How encrypt password and decript at login table

Question

0.00/5 (No votes)

See more:

Any one know that how to encrypt the password for login Table and how to dycrypt it..
At the the Login Time. ???

[edit]Subject only: DON'T SHOUT. Using all capitals is considered shouting on the internet, and rude (using all lower case is considered childish). Use proper capitalisation if you want to be taken seriously. - OriginalGriff[/edit]

Posted 25-Apr-11 1:26am

Akhilesh Agnihotri

Updated 25-Apr-11 1:37am

OriginalGriff

v3

Add a Solution

2 solutions

Solution 2

To securely store a password so that it can be read back, use the

ProtectedData

class.

public static string ProtectPassword(string password)
{
    byte[] bytes = Encoding.Unicode.GetBytes(password);
    byte[] protectedPassword = ProtectedData.Protect(bytes, null, DataProtectionScope.CurrentUser);
    return Convert.ToBase64String(protectedPassword);
}

public static string UnprotectPassword(string protectedPassword)
{
    byte[] bytes = Convert.FromBase64String(protectedPassword);
    byte[] password = ProtectedData.Unprotect(bytes, null, DataProtectionScope.CurrentUser);
    return Encoding.Unicode.GetString(password);
}

Posted 25-Apr-11 1:36am

ambarishtv

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2011-04-25T01:35:00

Don't.

Hash it instead. Look at the System.Cryptography namespace, and use SHA hashing to generate a value to store in you database. When you need to check it, hash whatever the user gave you, and compare the hashes. If they are the same, the user can be logged in. If not, he can't.

It is also a good idea to include the username or Id in the data before you hash it, so that two users with the same password do not generate the same hash value.

If you use encryption, you need a key in your code which decrypts it - this posses a big security risk. Hashing does not need a key because it is one-way.

[edit]

I have written up a description of this with appropriate code as a Tip / Trick: Password Storage: How to do it.[^]
It should be available soon, depending on how quickly article moderation is going today!

OriginalGriff
[/edit]