How can I encrypt the password stored in a database table ?

Discussion in 'ASP .Net' started by Alex Nitulescu, Feb 11, 2005.

  1. Hi. I am writing an app which stores usernames/passwords and email addresses
    in a database table.

    The question is how can I encrypt the password provided by the user ?

    FormsAuthentication.Encrypt produces an encrypted string, but it is for use
    in a ticket.

    On the other hand, FormsAuthentication.HashPasswordForStoringInConfigFile
    produces an encrypted string for use in a config.xml file.
    Anyway, even if I wanted to use this one, how do I reverse it (decrypt it)
    in order to be able to send it to the user in case he requests it (Forgotten
    password) ?

    The second question would be how do I get my application's name ?

    Thanks a lot, Alex.
     
    Alex Nitulescu, Feb 11, 2005
    #1
    1. Advertisements

  2. I think you should hash the password. It's true you can't decrypt it, but
    neither can anybody else, therefore you will never be liable for letting
    people's passwords get stolen.
    Here are the details:
    http://SteveOrr.net/faq/encrypt.aspx
     
    Steve C. Orr [MVP, MCSD], Feb 11, 2005
    #2
    1. Advertisements

  3. Yes, Steve, but in this case how could I provide that "fogotten password"
    feature - I plan to be able to send an email to the user, containing the
    username & password, as most sites do !

    Should I roll up my own encryption/decryption system, then ?
     
    Alex Nitulescu, Feb 11, 2005
    #3
  4. Okay, sorry, Steve, I rushed to answer you BEFORE noticing and therefore
    reading your link. I'll follow the links on the page provided.

    Thanks a lot for your time,
    Alex.
     
    Alex Nitulescu, Feb 11, 2005
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.