I am confused about what I need to do. It is a normal login scenario. I am storing the hashed value of the password in the database. [Please don't consider what hashing function I am using.] At login time the user inputs his plain-text password. Now what I need to do is hash this password, pass it to the web service, and then my database needs to compare the two hashed values. Now what I don't know is:
When I hash the password at login time with a salt, is it still the same value I get, or something else?
Is my database (SQL Server 2008) able to compare two hashed values? If not, then what do I need to do? There is no need to get the password from the database.
Does passing the hashed password over web services need extra security consideration?
I need to handle password recovery also. Can I use encryption/decryption algorithms here?
Please suggest what I need to do.
To increase security, it would be better to use a random salt.
The way I use to protect passwords while storing them in SQL Server is this:
Create a salt from the password, then generate the hash from the concatenation of user name and password.
It will make the salt dependent on the password and user name. If you are recovering your password, then if the credentials are correct you are able to reset the password.
Can I use encryption/decryption algorithms?
As per your encryption method, create your own algorithm to encrypt and decrypt the password with a salt using the .NET encryption libraries.
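An added example, not part of the original posts: it works through the first and fourth points of the question using the random per-user salt suggested above. Hashing with the stored salt reproduces the stored value, a fresh salt does not, and recovery is handled as a one-time reset token rather than by decrypting anything. Python, PBKDF2-HMAC-SHA256, the iteration count, the row layout, the function names and hashing inside the service are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware
SALT_BYTES = 16


def hash_password(password, salt):
    """Derive the value to store from the plain-text password and the user's salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(password):
    """Return the two columns stored per user (constructed row layout)."""
    salt = secrets.token_bytes(SALT_BYTES)  # random and unique per user
    return {"salt": salt, "pw_hash": hash_password(password, salt)}


def verify_login(row, password):
    """Re-hash the submitted password with the STORED salt, then compare."""
    candidate = hash_password(password, row["salt"])
    return hmac.compare_digest(candidate, row["pw_hash"])  # constant-time compare


def start_reset():
    """Recovery without decryption: the token goes to the user,
    only its SHA-256 digest is kept server-side."""
    token = secrets.token_urlsafe(32)
    return token, hashlib.sha256(token.encode("ascii")).digest()


def finish_reset(row, stored_digest, token, new_password):
    """Accept the reset only if the presented token matches the stored digest."""
    presented = hashlib.sha256(token.encode("ascii")).digest()
    if not hmac.compare_digest(presented, stored_digest):
        return False
    row.update(register(new_password))  # fresh salt and hash replace the old pair
    return True


if __name__ == "__main__":
    user = register("correct horse")             # constructed sample password
    print(verify_login(user, "correct horse"))   # same salt, same hash
    print(register("correct horse")["pw_hash"] == user["pw_hash"])  # new salt differs
```

The salt is not secret, so it can sit in its own column next to the hash; the login query fetches both by user name and the comparison happens on the derived bytes.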