Best way of encrypting password in web application

Question

Hi Which is the best way of encrypting password and how to do validation during login.. I mean should be decrypt the password stored in database or encrypt the password entered by user and compare to the encrypted password saved in database?

Datta Kharad · Answer

HI.. You can try this code... EncryptByPassPhrase: EncryptByPassPhrase uses the Triple DES algorithm to encrypt the text passed in. Syntax: ENCRYPTBYPASSPHRASE ('PASSPHRASE'column_name or 'text') In this statement PASSPHRASE specifies the data string to be used to derive an encryption keyand column_name data type shoulb be VarBinary. Creating a table: create table login_details(uid integerusername varchar(10)password varbinary(100)) insert into login_details(uidusernamepassword) values(1'smith'EncryptByPassPhrase('12''XXX')) insert into login_details(uidusernamepassword) values(2'kennal'EncryptByPassPhrase('12''YYY')) insert into login_details(uidusernamepassword) values(3'staurt'EncryptByPassPhrase('12''ZZZ')) select * from login_details Image of login DECRYPTBYPASSPHRASE Encrypted column can be decrypted by using DECRYPTBYPASSPHRASE. DECRYPTBYPASSPHRASE function takes two arguments one is symentric key and column_name. select uidusernameDECRYPTBYPASSPHRASE ('12'password) as Password from login_details select uidusernameconvert(varchar(10)DECRYPTBYPASSPHRASE ('12'password)) from login_details

Datta Kharad · Answer

Suchitra... Don't confuse....!!! Encrypt the password entered by the user (secure way) it is best way for validation....

B M Suchitra · Answer

Datta Ya still in a confusion whether to decrypt the password saved in the database or again encrypt the password entered by the user for validation?

Datta Kharad · Answer

Hi Suchitra... Did u get answer?

Datta Kharad · Answer

Hi.. Yes i got ur problem you can compare two ways... 1) When user will register then password should be encrypted and stored in the database. While comparing user will login then password should be encrypted and compare with password(encrypted format) which was stored in database. (Best way). 2) when user will register then password should be encrypted and stored in the database. While comparing user will login then password should be compare without encrypted but database side password should be decrypted first and compare with entered password(without encrypted). You can implement two ways but best way first case...If you have any problem then inform me ...If you got correct solution then mark as Accepted answer.

Prabhu Raja · Answer

I am not not Datta. I think its better to Encrypt the Entered Password First and Compare to the Password in Database. It will Give Security for both Passwords.

B M Suchitra · Answer

Hi Datta I am asking whether for validation.. I mean when a user login should the password be encrypted and then compared to the password that is saved in the database? or should the password saved in the database should be decrypted and compared to the password entered by the user? which way is correct? Hope u r getting my question

Prabhu Raja · Answer

Hi How to Encrypt and Decrypt a Password Password Policy/Strength ASP .NET Validator Web Control

Datta Kharad · Answer

Yes it is correct.....this is best way to encrypt password......you can use it.

B M Suchitra · Answer

Hi Datta Is it correct to decrypt the password saved in the database for validation?