Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Encrypting Passwords

Reply
Thread Tools

Encrypting Passwords

 
 
=?Utf-8?B?VGF5bw==?=
Guest
Posts: n/a
 
      05-27-2004
How do I encrypt passwords before saving in the database

 
Reply With Quote
 
 
 
 
Steve C. Orr [MVP, MCSD]
Guest
Posts: n/a
 
      05-27-2004
Here's a concise article on hashing passwords:
http://www.aspnetpro.com/NewsletterA...200304so_l.asp

And here's some articles using other encryption techniques:
http://www.fawcette.com/vsm/2002_08/...us/default.asp
http://www.devx.com/security/article/7019

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net


"Tayo" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> How do I encrypt passwords before saving in the database.
>



 
Reply With Quote
 
 
 
 
Eliyahu Goldin
Guest
Posts: n/a
 
      05-27-2004
Tayo,

The recommended way of storing passwords is hashing. Hashing works one way,
you can't calculate the actual password out of hash value. DotNet implements
hashing in function
System.Web.Security.FormsAuthentication.HashPasswo rdForStoringInConfigFile

You might want to use salt values for better security. Look at
http://www.microsoft.com/downloads/d...C-BF9C6593F25E
for the full explanation.

Eliyahu

"Tayo" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> How do I encrypt passwords before saving in the database.
>



 
Reply With Quote
 
Nick Gilbert
Guest
Posts: n/a
 
      05-27-2004
> The recommended way of storing passwords is hashing.

Don't forget that if you choose to store the password as a hash, you
will never be able to remind the user of their password (there is no way
to get the password out of the hash). Instead you will need to provide a
reset password feature which perhaps, changes the password to random
chars and e-mails it to them.

Nick...
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Encrypting 6-8+ character strings (passwords) Ben Knight Ruby 0 02-08-2009 09:03 PM
Encrypting long passwords TheDeerHunter Perl Misc 5 03-26-2007 02:35 PM
encrypting passwords anonymous@coolgroups.com Java 2 04-15-2004 08:26 AM
Encrypting passwords using Java Andy Grove Java 8 02-14-2004 06:15 PM
Impersonation Question - Encrypting Passwords Elliot M. Rodriguez ASP .Net 0 11-04-2003 08:58 PM



Advertisments