Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: C#2.0
sir!
I want to encrypt a password in winforms to be stored in sqlserver using Csharp.
how can it be possible!
Posted 7-Jan-13 4:56am
Comments
ryanb31 at 7-Jan-13 10:00am
   
There are tons of examples online, but you can use the System.Security.Cryptography namespace.
Sandeep Mewara at 7-Jan-13 10:05am
   
Tried anything?
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

If you want to see one way to do it: Encrypt Password Field in SQL Server, Registry Information & Query String[^]
 
A better way to do this and the one I would suggest reading: Secure Password Authentication Explained Simply[^]
  Permalink  
v2
Comments
__TR__ at 7-Jan-13 11:05am
   
5ed!
Congrats on your first CP MVP :)
Marcus Kramer at 7-Jan-13 11:48am
   
Thanks...
tusharkaushik at 8-Jan-13 3:03am
   
but i want to store the details of the newly created users in the encrypted form in the sql server database.
can it be possible ! if yes ! then how cn it be possible!
Marcus Kramer at 8-Jan-13 10:16am
   
That's a completely different issue from the question you posed. When it comes to passwords, you never want to encrypt, but rather use hashing. For user information, if you wish to, encryption is the way to go, but even if you encrypt user information, use hashing on the password instead.
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

Don't encrypt passwords, they're vulnerable to decryption and attacks. Hash them instead. Something like this:
 
using System.Security.Cryptography;
 
public static string EncodePasswordToBase64(string password)
{  byte[] bytes   = Encoding.Unicode.GetBytes(password);
   byte[] inArray = HashAlgorithm.Create("SHA1").ComputeHash(bytes);
   return Convert.ToBase64String(inArray);
}
  Permalink  
Comments
__TR__ at 7-Jan-13 11:05am
   
5ed!
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 3

tusharkaushik -
 
You could add something like this to an existing class:
 public static byte[] GetHashKey(string hashKey)
        {
            // Initialize
            UTF8Encoding encoder = new UTF8Encoding();
            // Get the salt
            string salt = !string.IsNullOrEmpty(Salt) ? Salt : "I am a nice little salt";
            byte[] saltBytes = encoder.GetBytes(salt);
            // Setup the hasher
            Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes(hashKey, saltBytes);
            // Return the key
            return rfc.GetBytes(16);
        }
 public static string Encrypt(byte[] key, string dataToEncrypt)
        {
            // Initialize
            AesManaged encryptor = new AesManaged();
            // Set the key
            encryptor.Key = key;
            encryptor.IV = key;
            // create a memory stream
            using (MemoryStream encryptionStream = new MemoryStream())
            {
                // Create the crypto stream
                using (CryptoStream encrypt = new CryptoStream(encryptionStream, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
                {
                    // Encrypt
                    byte[] utfD1 = UTF8Encoding.UTF8.GetBytes(dataToEncrypt);
                    encrypt.Write(utfD1, 0, utfD1.Length);
                    encrypt.FlushFinalBlock();
                    encrypt.Close();
                    // Return the encrypted data
                    return Convert.ToBase64String(encryptionStream.ToArray());
                }
            }
        }
 public static string Decrypt(byte[] key, string encryptedString)
        {
            // Initialize
            AesManaged decryptor = new AesManaged();
            byte[] encryptedData = Convert.FromBase64String(encryptedString);
            // Set the key
            decryptor.Key = key;
            decryptor.IV = key;
            // create a memory stream
            using (MemoryStream decryptionStream = new MemoryStream())
            {
                // Create the crypto stream
                using (CryptoStream decrypt = new CryptoStream(decryptionStream, decryptor.CreateDecryptor(), CryptoStreamMode.Write))
                {
                    // Encrypt
                    decrypt.Write(encryptedData, 0, encryptedData.Length);
                    decrypt.Flush();
                    decrypt.Close();
                    // Return the unencrypted data
                    byte[] decryptedData = decryptionStream.ToArray();
                    return UTF8Encoding.UTF8.GetString(decryptedData, 0, decryptedData.Length);
                }
            }
        }
  Permalink  
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 4

As pointed out by Shameel and Marcus Its not a good idea to encrypt your password. Here are 2 CP articles you might find helpful
Password Storage: How to do it.[^]
The Art & Science of Storing Passwords[^]
  Permalink  
Comments
tusharkaushik at 7-Jan-13 14:31pm
   
But I have given password already for the logon windows form ! I want to store the newly created users details in sql server. how can it be possible!
__TR__ at 8-Jan-13 2:23am
   
When user enters the password in the login form, you get the hashed value for that password and store it in your database.
For checking if the password is correct you compare the hashed value of the password entered by user with what you had stored in the database.
tusharkaushik at 8-Jan-13 3:05am
   
how can i make the hash key for the password entered by user!
__TR__ at 8-Jan-13 3:43am
   
Go through the 2 articles I included in my solution. It has a sample code in it.
tusharkaushik at 8-Jan-13 10:11am
   
where i can get ur 2 articles.
__TR__ at 8-Jan-13 10:59am
   
Click here[^] and here[^]

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Advertise | Privacy | Mobile
Web03 | 2.8.1411022.1 | Last Updated 7 Jan 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100