How can I encrypt userid and password from user?

Question

I want to save userid and password in a MySql database for my WinForms project. One of my friends told me that this is not secure; I should encrypt and save that. I don't know about encryption.

How can I do this?

Answer 1

Usually passwords are not stored in database at all. Instead hash of the password is stored. You can take a look at SHA156 class for example.

There are plenty articles in the web on how to hash passwords.
For example Storing Passwords - done right!

Answer 2

Note that your friend is telling you to encrypt it, which is different from storing a hash (computed using a cryptographic hash function) in the table.

If you encrypt and store it, you will be able to retrieve the password if you have the key.

If you store a secure hash of a password, you can tell if a string is the same as the password or not by hashing the string and comparing the hash in the table.

I did a search and found this answer from another SO question which explains in greater detail why you should be using a hash (of a secure variety) as opposed to encrypting the password.

Last but not least, whether encrypting or secure hashing, be sure to use a publicly tested libraries and not to "roll your own".