A
Alek Davis
Charlie,
If you use passwords for user authentication only, do not use encryption,
use hashing (with salt) instead. If you need to use encryption, in your
particular scenario (Web hosting environment to which you have limited
access), the best you can do is use a tool like CipherLite.NET (see
http://www.obviex.com/cipherlite/). You will need to embed the passphrase
(to generate encryption key) in your code, so if a hacker gets hold of your
assembly, this passphrase can be easily retrieved unless you obfuscate the
assembly using a good commercial obfuscator (and even this will not
guarantee security). Unfortunately, you don't have many options. If you find
a better approach, please post it here; there may be other readers in the
same situation.
Alek
If you use passwords for user authentication only, do not use encryption,
use hashing (with salt) instead. If you need to use encryption, in your
particular scenario (Web hosting environment to which you have limited
access), the best you can do is use a tool like CipherLite.NET (see
http://www.obviex.com/cipherlite/). You will need to embed the passphrase
(to generate encryption key) in your code, so if a hacker gets hold of your
assembly, this passphrase can be easily retrieved unless you obfuscate the
assembly using a good commercial obfuscator (and even this will not
guarantee security). Unfortunately, you don't have many options. If you find
a better approach, please post it here; there may be other readers in the
same situation.
Alek