achieve password encryption

Discussion in 'ASP .Net Security' started by Anton Sommer, Nov 24, 2003.

  1. Anton Sommer

    Anton Sommer Guest

    Hello folks,

    how can I encrypt the password that an user enters in my normal login
    window.


    Thank you

    Anton
     
    Anton Sommer, Nov 24, 2003
    #1
    1. Advertising

  2. Anton Sommer

    Pete Guest

    Hi,
    You might want to try this


    public string GetEncryptedPassword(string sPass)

    {

    return
    FormsAuthentication.HashPasswordForStoringInConfigFile(sPass,"sha1");

    }

    "Anton Sommer" <> wrote in message
    news:bprt45$8p3$07$-online.com...
    > Hello folks,
    >
    > how can I encrypt the password that an user enters in my normal login
    > window.
    >
    >
    > Thank you
    >
    > Anton
    >
    >
     
    Pete, Nov 27, 2003
    #2
    1. Advertising

  3. Anton Sommer

    Anton Sommer Guest

    thank you for responding Pete,


    but can you give me a few more details, I am not understanding how the
    password should be encrypted client wise

    thank you


    Anton
    "Pete" <peted "at" xboxracing dot net> schrieb im Newsbeitrag
    news:...
    > Hi,
    > You might want to try this
    >
    >
    > public string GetEncryptedPassword(string sPass)
    >
    > {
    >
    > return
    > FormsAuthentication.HashPasswordForStoringInConfigFile(sPass,"sha1");
    >
    > }
    >
    > "Anton Sommer" <> wrote in message
    > news:bprt45$8p3$07$-online.com...
    > > Hello folks,
    > >
    > > how can I encrypt the password that an user enters in my normal login
    > > window.
    > >
    > >
    > > Thank you
    > >
    > > Anton
    > >
    > >

    >
    >
     
    Anton Sommer, Nov 28, 2003
    #3
  4. Anton Sommer

    Pete Guest

    Hi Anton,
    Sorry I never comment code ;-(

    All this does is encrypt a client passed string (password).

    You could use this as follows:

    1) User creates an account, you encrypt the password before storing in the
    db with the userId
    2) When a user logs on you encrypt the supplied (logon) password and compare
    it with whats stored in the db.

    All encryption is done on the server not the client so you'd be wise to use
    SSL if your site has sensitive info.

    Hope this helps a bit.

    Pete



    "Anton Sommer" <> wrote in message
    news:bq87vb$d5p$05$-online.com...
    > thank you for responding Pete,
    >
    >
    > but can you give me a few more details, I am not understanding how the
    > password should be encrypted client wise
    >
    > thank you
    >
    >
    > Anton
    > "Pete" <peted "at" xboxracing dot net> schrieb im Newsbeitrag
    > news:...
    > > Hi,
    > > You might want to try this
    > >
    > >
    > > public string GetEncryptedPassword(string sPass)
    > >
    > > {
    > >
    > > return
    > > FormsAuthentication.HashPasswordForStoringInConfigFile(sPass,"sha1");
    > >
    > > }
    > >
    > > "Anton Sommer" <> wrote in message
    > > news:bprt45$8p3$07$-online.com...
    > > > Hello folks,
    > > >
    > > > how can I encrypt the password that an user enters in my normal login
    > > > window.
    > > >
    > > >
    > > > Thank you
    > > >
    > > > Anton
    > > >
    > > >

    > >
    > >

    >
    >
     
    Pete, Dec 1, 2003
    #4
  5. Anton Sommer

    Anton Sommer Guest

    Thanks for responding Pete,

    > All encryption is done on the server not the client so you'd be wise to

    use
    > SSL if your site has sensitive info.
    >


    Well I meant anyway encrypting the password on the way from the client to
    the webserver, so is SSL then the only opportunity there? How could I
    achieve it or are there different solutions to secure the transmission of a
    password on the way from the client to the webserver.


    Thanks

    Anton



    P.S. Ironically in my case it would help a lot to me if the browsers would
    simply display the page as being secure (Key sign or locked lock sign)
     
    Anton Sommer, Dec 2, 2003
    #5
  6. Anton Sommer

    Pete Guest


    > Well I meant anyway encrypting the password on the way from the client to
    > the webserver, so is SSL then the only opportunity there? How could I
    > achieve it or are there different solutions to secure the transmission of

    a
    > password on the way from the client to the webserver.
    >


    I'd say SSL is the way to go as any technology you employ on the client
    could be
    open to abuse. Besides, SSL does it all for "free" for you (apart from a
    slight
    performance overhead)

    A client side solution would probably be script based unless your thinking
    of
    installing assemblies (possible if it's in the intranet though).
    I think client-side code should be kept to a minimum...especially when it's
    security related.

    HTH

    Pete
     
    Pete, Dec 2, 2003
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bart Schelkens

    Password encryption

    Bart Schelkens, Aug 18, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    400
    Bart Schelkens
    Aug 18, 2004
  2. KatMagic

    Strong Password encryption program?

    KatMagic, Apr 21, 2006, in forum: ASP .Net
    Replies:
    2
    Views:
    1,243
    =?Utf-8?B?YnJpYW5zW01DU0Rd?=
    Apr 21, 2006
  3. =?Utf-8?B?YW5vb3A=?=
    Replies:
    0
    Views:
    438
    =?Utf-8?B?YW5vb3A=?=
    Mar 19, 2007
  4. AAaron123
    Replies:
    2
    Views:
    2,315
    AAaron123
    Jan 16, 2009
  5. AAaron123
    Replies:
    1
    Views:
    1,383
    Oriane
    Jan 16, 2009
Loading...

Share This Page