ASP.NET - How to encrypt a password and send it to the database?

Asked By aileni giri on 31-Mar-12 07:24 AM
Hi everybody,
I have been sending a password to the database without encryption until now,
but now I want to encrypt it first, and after that I have to send it to the database.

Are there any new ways to encrypt the password, other than SHA and IDEA?
I will wait for your kind answer.
  
kalpana aparnathi replied to aileni giri on 31-Mar-12 07:28 AM
hi,

The procedure to encrypt a password and send it to the database:
  1. When updating/inserting the password in the database, first create a hash of its value, and just store that instead.
  2. When a user logs in, create a hash of the password they provide and see if the hashed value is the same as the value stored in the database.

For added security, an extra string called "salt" can be added to the value, which provides better security.

http://www.codeproject.com/KB/recipes/StoringPasswords.aspx

Hope this helps!

Regards,
dipa ahuja replied to aileni giri on 31-Mar-12 07:48 AM
You can use the ENCRYPT function to encrypt data with the same method used by the WITH ENCRYPTION keyword. There's a rather large problem that I will discuss after the example. To use the ENCRYPT function, use it before the string value as shown below:

SELECT ENCRYPT('TestPW1')
CREATE TABLE Users (
    UserID Varchar(10),
    UserPW Varchar (20))

INSERT INTO USERS values('TestUser1',ENCRYPT('TestPW1'))
INSERT INTO USERS values('TestUser2',ENCRYPT('TestPW2'))
INSERT INTO USERS values('TestUser3',ENCRYPT('TestPW3'))
INSERT INTO USERS values('TestUser4',ENCRYPT('TestPW4'))


http://msdn.microsoft.com/en-us/library/cc278098(v=sql.100).aspx
http://www.sqlservercentral.com/articles/Security/encryptfunction/372/
aileni giri replied to kalpana aparnathi on 31-Mar-12 07:50 AM
Thanks, Miss.
Devil Scorpio replied to aileni giri on 31-Mar-12 07:08 PM
Hi,

For storage of passwords you should add a salt value and then hash the combination using SHA256. MD5 is a discredited algorithm. When the user enters the password into the logon form, you hash what was entered and compare the result with the stored hash value.

For hash (and encrypt/decrypt) functions please see the common data library at http://www.codeplex.com/CommonData


These functions come with comprehensive unit tests which demonstrate how the functions should be used.
aileni giri replied to dipa ahuja on 02-Apr-12 02:30 AM
Thanks, Miss.