Sir!
I want to encrypt a password in WinForms to be stored in SQL Server using C#.
How can it be possible?
Comments
ZurdoDev 7-Jan-13 10:00am    
There are tons of examples online, but you can use the System.Security.Cryptography namespace.
Sandeep Mewara 7-Jan-13 10:05am    
Tried anything?

If you want to see one way to do it: Encrypt Password Field in SQL Server, Registry Information & Query String

A better way to do this and the one I would suggest reading: Secure Password Authentication Explained Simply
 
Comments
__TR__ 7-Jan-13 11:05am    
5ed!
Congrats on your first CP MVP :)
fjdiewornncalwe 7-Jan-13 11:48am    
Thanks...
tusharkaushik 8-Jan-13 3:03am    
But I want to store the details of the newly created users in encrypted form in the SQL Server database.
Can it be possible? If yes, then how can it be possible?
fjdiewornncalwe 8-Jan-13 10:16am    
That's a completely different issue from the question you posed. When it comes to passwords, you never want to encrypt, but rather use hashing. For user information, if you wish to, encryption is the way to go, but even if you encrypt user information, use hashing on the password instead.

Don't encrypt passwords; they're vulnerable to decryption and attacks. Hash them instead. Something like this:

C#
using System;
using System.Security.Cryptography;
using System.Text;

public static string EncodePasswordToBase64(string password)
{
    // Hash the UTF-16 bytes of the password with SHA-1 (no salt)
    byte[] bytes = Encoding.Unicode.GetBytes(password);
    byte[] inArray = HashAlgorithm.Create("SHA1").ComputeHash(bytes);
    // Return the hash as a Base64 string for storage
    return Convert.ToBase64String(inArray);
}
 
 
Comments
__TR__ 7-Jan-13 11:05am    
5ed!
tusharkaushik -

You could add something like this to an existing class:
C#
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Assumed: the containing class exposes a static Salt string (not shown in the original post)
public static string Salt { get; set; }

public static byte[] GetHashKey(string hashKey)
{
    // Initialize
    UTF8Encoding encoder = new UTF8Encoding();
    // Get the salt
    string salt = !string.IsNullOrEmpty(Salt) ? Salt : "I am a nice little salt";
    byte[] saltBytes = encoder.GetBytes(salt);
    // Set up the key derivation (PBKDF2)
    Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes(hashKey, saltBytes);
    // Return a 128-bit key
    return rfc.GetBytes(16);
}

public static string Encrypt(byte[] key, string dataToEncrypt)
{
    // Initialize
    using (AesManaged encryptor = new AesManaged())
    {
        // Set the key and generate a fresh random IV for this message
        // (the IV must not be the key itself, and must differ per message)
        encryptor.Key = key;
        encryptor.GenerateIV();
        byte[] iv = encryptor.IV;
        // Create a memory stream
        using (MemoryStream encryptionStream = new MemoryStream())
        {
            // Store the IV in front of the ciphertext so Decrypt can read it back
            encryptionStream.Write(iv, 0, iv.Length);
            // Create the crypto stream
            using (CryptoStream encrypt = new CryptoStream(encryptionStream, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
            {
                // Encrypt
                byte[] utfD1 = Encoding.UTF8.GetBytes(dataToEncrypt);
                encrypt.Write(utfD1, 0, utfD1.Length);
                encrypt.FlushFinalBlock();
                encrypt.Close();
                // Return the IV plus the encrypted data
                return Convert.ToBase64String(encryptionStream.ToArray());
            }
        }
    }
}

public static string Decrypt(byte[] key, string encryptedString)
{
    // Initialize
    using (AesManaged decryptor = new AesManaged())
    {
        byte[] encryptedData = Convert.FromBase64String(encryptedString);
        // Read the IV back from the front of the data
        byte[] iv = new byte[decryptor.BlockSize / 8];
        Buffer.BlockCopy(encryptedData, 0, iv, 0, iv.Length);
        // Set the key and IV
        decryptor.Key = key;
        decryptor.IV = iv;
        // Create a memory stream
        using (MemoryStream decryptionStream = new MemoryStream())
        {
            // Create the crypto stream
            using (CryptoStream decrypt = new CryptoStream(decryptionStream, decryptor.CreateDecryptor(), CryptoStreamMode.Write))
            {
                // Decrypt everything after the IV
                decrypt.Write(encryptedData, iv.Length, encryptedData.Length - iv.Length);
                decrypt.FlushFinalBlock();
                decrypt.Close();
                // Return the unencrypted data
                byte[] decryptedData = decryptionStream.ToArray();
                return Encoding.UTF8.GetString(decryptedData, 0, decryptedData.Length);
            }
        }
    }
}
 
 
As pointed out by Shameel and Marcus, it's not a good idea to encrypt your password. Here are 2 CP articles you might find helpful:
Password Storage: How to do it.
The Art & Science of Storing Passwords
 
 
Comments
tusharkaushik 7-Jan-13 14:31pm    
But I have already given a password for the logon Windows form! I want to store the newly created users' details in SQL Server. How can it be possible?
__TR__ 8-Jan-13 2:23am    
When user enters the password in the login form, you get the hashed value for that password and store it in your database.
For checking if the password is correct you compare the hashed value of the password entered by user with what you had stored in the database.
tusharkaushik 8-Jan-13 3:05am    
How can I make the hash key for the password entered by the user?
__TR__ 8-Jan-13 3:43am    
Go through the 2 articles I included in my solution. They have sample code in them.
tusharkaushik 8-Jan-13 10:11am    
Where can I get your 2 articles?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


