Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to encrypt a password for saving it later in a database or text file?

Tags:

c#

.net

security

I want my application to save the password encrypted in a database or in a text file. How can I do that assuming that the database or text file can be open by anyone?

Duplicate

Encrypting/Hashing plain text passwords in database

Not duplicate I'm asking for code specific for .NET

EDIT: I'm saving the password for later use. I need to decode it and use it to login. It doesn't have to be super secure, it just needs to be unreadable to the human eye, and difficult to decode with a trivial script.

like image 605
Pablo Retyk Avatar asked Feb 12 '09 13:02

Pablo Retyk


2 Answers

StackOverflow readers don't know how to write secure password schemes and neither do you. If you're going to do that, save time by sticking with plain text. From Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes:

Rainbow tables are easy to beat. For each password, generate a random number (a nonce). Hash the password with the nonce, and store both the hash and the nonce. The server has enough information to verify passwords (the nonce is stored in the clear). But even with a small random value, say, 16 bits, rainbow tables are infeasible: there are now 65,536 “variants” of each hash, and instead of 300 billion rainbow table entries, you need quadrillions. The nonce in this scheme is called a “salt”.

Cool, huh? Yeah, and Unix crypt —- almost the lowest common denominator in security systems —- has had this feature since 1976. If this is news to you, you shouldn’t be designing password systems. Use someone else’s good one.

Use BCrypt - Strong Password Hashing for .NET and Mono. It's a single cleanly written .cs file that will continue to meet your needs as password cracking computers get faster.

like image 71
joeforker Avatar answered Nov 16 '22 02:11

joeforker


BCrypt - Strong Password Hashing for .NET and Mono

like image 24
Svish Avatar answered Nov 16 '22 03:11

Svish