G
Guest
How do I encrypt passwords before saving in the database
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
S
Steve C. Orr [MVP, MCSD]
Here's a concise article on hashing passwords:
http://www.aspnetpro.com/NewsletterArticle/2003/04/asp200304so_l/asp200304so_l.asp
And here's some articles using other encryption techniques:
http://www.fawcette.com/vsm/2002_08/online/hottips/fergus/default.asp
http://www.devx.com/security/article/7019
http://www.aspnetpro.com/NewsletterArticle/2003/04/asp200304so_l/asp200304so_l.asp
And here's some articles using other encryption techniques:
http://www.fawcette.com/vsm/2002_08/online/hottips/fergus/default.asp
http://www.devx.com/security/article/7019
E
Eliyahu Goldin
Tayo,
The recommended way of storing passwords is hashing. Hashing works one way,
you can't calculate the actual password out of hash value. DotNet implements
hashing in function
System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile
You might want to use salt values for better security. Look at
http://www.microsoft.com/downloads/...FamilyID=055FF772-97FE-41B8-A58C-BF9C6593F25E
for the full explanation.
Eliyahu
The recommended way of storing passwords is hashing. Hashing works one way,
you can't calculate the actual password out of hash value. DotNet implements
hashing in function
System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile
You might want to use salt values for better security. Look at
http://www.microsoft.com/downloads/...FamilyID=055FF772-97FE-41B8-A58C-BF9C6593F25E
for the full explanation.
Eliyahu
N
Nick Gilbert
The recommended way of storing passwords is hashing.
Don't forget that if you choose to store the password as a hash, you
will never be able to remind the user of their password (there is no way
to get the password out of the hash). Instead you will need to provide a
reset password feature which perhaps, changes the password to random
chars and e-mails it to them.
Nick...
Don't forget that if you choose to store the password as a hash, you
will never be able to remind the user of their password (there is no way
to get the password out of the hash). Instead you will need to provide a
reset password feature which perhaps, changes the password to random
chars and e-mails it to them.
Nick...