Password Encryption / Hashing

Question

I have a login application in C# that I need to store ciphered values in the password column of a database. What is the best way to achieve this? Hash algorith? Obviously I need to compare the value from the database with the entered plain text on my login screen to see if they are the same before validating login. I just want to prevent users seeing plain text passwords that have access to view the database. cheers

Ananth G · Answer

Encryption Sometimes we want to encrypt the values that time we use MD5 Encryption and Decryption Here i give the code for Encryption and Decryption. passPhrase saltValue initVector this variables are the key for Encryption and Decryption public static string passPhrase = YOUR KEY1; public static string saltValue = YOUR KE2; public static string initVector = YOUR KE3; public static string FunForEncrypt(string objText) { int keySize = 256; int passwordIterations = 03; string hashAlgorithm = MD5; byte[] initVectorBytes = Encoding.ASCII.GetBytes(initVector); byte[] saltValueBytes = Encoding.ASCII.GetBytes(saltValue); byte[] plainTextBytes = Encoding.UTF8.GetBytes(objText); PasswordDeriveBytes password = new PasswordDeriveBytes ( passPhrase saltValueBytes hashAlgorithm passwordIterations ); byte[] keyBytes = password.GetBytes(keySize / 8); RijndaelManaged symmetricKey = new RijndaelManaged(); symmetricKey.Mode = CipherMode.CBC; ICryptoTransform encryptor = symmetricKey.CreateEncryptor ( keyBytes initVectorBytes ); MemoryStream memoryStream = new MemoryStream(); CryptoStream cryptoStream = new CryptoStream ( memoryStream encryptor CryptoStreamMode.Write ); cryptoStream.Write(plainTextBytes 0 plainTextBytes.Length); cryptoStream.FlushFinalBlock(); byte[] cipherTextBytes = memoryStream.ToArray(); memoryStream.Close(); cryptoStream.Close(); string cipherText = Convert.ToBase64String(cipherTextBytes); cipherText = HttpUtility.UrlEncode(cipherText); return cipherText; } Decryption : this below code used to Decrypt the text public static string FunForDecrypt(string cipherText) { string plainText = ; int keySize = 256; int passwordIterations = 03; string hashAlgorithm = MD5; try { cipherText = HttpUtility.UrlDecode(cipherText); byte[] initVectorBytes = Encoding.ASCII.GetBytes(initVector); byte[] saltValueBytes = Encoding.ASCII.GetBytes(saltValue); byte[] cipherTextBytes = Convert.FromBase64String(cipherText); PasswordDeriveBytes password = new PasswordDeriveBytes ( passPhrase saltValueBytes hashAlgorithm passwordIterations ); byte[] keyBytes = password.GetBytes(keySize / 8); RijndaelManaged symmetricKey = new RijndaelManaged(); symmetricKey.Mode = CipherMode.CBC; ICryptoTransform decryptor = symmetricKey.CreateDecryptor ( keyBytes initVectorBytes ); MemoryStream memoryStream = new MemoryStream(cipherTextBytes); CryptoStream cryptoStream = new CryptoStream ( memoryStream decryptor CryptoStreamMode.Read ); byte[] plainTextBytes = new byte[cipherTextBytes.Length]; int decryptedByteCount = cryptoStream.Read ( plainTextBytes 0 plainTextBytes.Length ); memoryStream.Close(); cryptoStream.Close(); plainText = Encoding.UTF8.GetString(plainTextBytes 0 decryptedByteCount); } catch (Exception ex) { plainText = ; } return plainText; }

Bikesh Srivastava · Answer

See this code to encrypt and decrypt username and password. I have done already in my application its working fine . private string Encrypt( string clearText) { string EncryptionKey= MAKV2SPBNI99212 ; byte []clearBytes=Encoding.Unicode.GetBytes(clearText); using (Aesencryptor=Aes.Create()) { Rfc2898DeriveBytespdb= new Rfc2898DeriveBytes(EncryptionKey new byte []{0x490x760x610x6e0x200x4d0x650x640x760x650x640x650x76}); encryptor.Key=pdb.GetBytes(32); encryptor.IV=pdb.GetBytes(16); using (MemoryStreamms= new MemoryStream()) { using (CryptoStreamcs= new CryptoStream(msencryptor.CreateEncryptor()CryptoStreamMode.Write)) { cs.Write(clearBytes0clearBytes.Length); cs.Close(); } clearText=Convert.ToBase64String(ms.ToArray()); } } return clearText; } private string Decrypt( string cipherText) { string EncryptionKey= MAKV2SPBNI99212 ; byte []cipherBytes=Convert.FromBase64String(cipherText); using (Aesencryptor=Aes.Create()) { Rfc2898DeriveBytespdb= new Rfc2898DeriveBytes(EncryptionKey new byte []{0x490x760x610x6e0x200x4d0x650x640x760x650x640x650x76}); encryptor.Key=pdb.GetBytes(32); encryptor.IV=pdb.GetBytes(16); using (MemoryStreamms= new MemoryStream()) { using (CryptoStreamcs= new CryptoStream(msencryptor.CreateDecryptor()CryptoStreamMode.Write)) { cs.Write(cipherBytes0cipherBytes.Length); cs.Close(); } cipherText=Encoding.Unicode.GetString(ms.ToArray()); } } return cipherText; } mark as answer if resolve your problem.