in my system, each user must have a username and password...do you know how to encrypt passwords? coz it is not safe to store the passwords in the database as its entered and every DBA see it..
ASP.NET/VB.NETThis's the way i'm using to encrypt passwords, maybe its not powerful way but it works great for me.
Imports System.Web.Security
Dim Password As String = FormsAuthentication.HashPasswordForStoringInConfigFile(TextBox2.Text.ToLower(), "sha1");
and then you can save the Passowrd String to you database, and you use the same way to retrieve password from the database.
Hope ths helps
Can you tell me about two-way password encrypting (encrypt/decrypt)?
what if the user asks for his password??I have users create a login/password combo as well as a secret question/answer. I hash the password and the answer. If they forget their password, then they try to answer the secret quesion which will then allow them to change their password. The only other option I give them is to haver their account removed. I am storing personally identifiable information, so that is why I have this strict policy, you may choose to come up with another.
You can make the password and answer more secure by hashing them with a "salt". A salt is a string that you append to the password before hashing. For example, you can hash the password along with the unique identifier that you gave the user. If you don't hash the password with a salt then you run a higher risk of user's passwords being found using a dictionary attack.When I encrypt the password i stored it in a variable with the type byte()
this is the code:
Imports System.Security.Cryptography
Imports System.Text
Function GetMD5(ByVal Text As String)
Dim md5Hasher As New MD5CryptoServiceProvider()
Dim hashedBytes As Byte()
Dim encoder As New UTF8Encoding()
hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(Text))
Return hashedBytes
End Function
I tryed to stored the returend value from the function in a string variable ,
but i got an error.. how can i encrypt the password that is entered by the user and
compare it with the one stored in the database?? keeping in minde that the one stored
in the database is encrypted also..
Regards,
NinaWhat error are you getting? You are instantiating a byte array of 0 length, perhaps you should try this.
Imports System.Security.Cryptography
Imports System.Text
Public Function GetMD5(ByVal Text As String) As Byte()
Dim md5Hasher As New MD5CryptoServiceProvider()
Dim encoder As New UTF8Encoding()
Return md5Hasher.ComputeHash(encoder.GetBytes(Text))
End FunctionCan i stored result "Return md5Hasher.ComputeHash(encoder.GetBytes(Text))" in a string variable??
for example:
Dim strResult as string = GetMD5(txtPassword.text)
or i should do something else?
ASP.NET/VB.NETThis's the way i'm using to encrypt passwords, maybe its not powerful way but it works great for me.
Imports System.Web.Security
Dim Password As String = FormsAuthentication.HashPasswordForStoringInConfigFile(TextBox2.Text.ToLower(), "sha1");
and then you can save the Passowrd String to you database, and you use the same way to retrieve password from the database.
Hope ths helps
Can you tell me about two-way password encrypting (encrypt/decrypt)?what if the user asks for his password??I have users create a login/password combo as well as a secret question/answer. I hash the password and the answer. If they forget their password, then they try to answer the secret quesion which will then allow them to change their password. The only other option I give them is to haver their account removed. I am storing personally identifiable information, so that is why I have this strict policy, you may choose to come up with another.
You can make the password and answer more secure by hashing them with a "salt". A salt is a string that you append to the password before hashing. For example, you can hash the password along with the unique identifier that you gave the user. If you don't hash the password with a salt then you run a higher risk of user's passwords being found using a dictionary attack.When I encrypt the password i stored it in a variable with the type byte()
this is the code:
Imports System.Security.Cryptography
Imports System.Text
Function GetMD5(ByVal Text As String)
Dim md5Hasher As New MD5CryptoServiceProvider()
Dim hashedBytes As Byte()
Dim encoder As New UTF8Encoding()
hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(Text))
Return hashedBytes
End Function
I tryed to stored the returend value from the function in a string variable ,
but i got an error.. how can i encrypt the password that is entered by the user and
compare it with the one stored in the database?? keeping in minde that the one stored
in the database is encrypted also..
Regards,
NinaWhat error are you getting? You are instantiating a byte array of 0 length, perhaps you should try this.
Imports System.Security.Cryptography
Imports System.Text
Public Function GetMD5(ByVal Text As String) As Byte()
Dim md5Hasher As New MD5CryptoServiceProvider()
Dim encoder As New UTF8Encoding()
Return md5Hasher.ComputeHash(encoder.GetBytes(Text))
End FunctionCan i stored result "Return md5Hasher.ComputeHash(encoder.GetBytes(Text))" in a string variable??
for example:
Dim strResult as string = GetMD5(txtPassword.text)
or i should do something else?