Encrypting Passwords

[Cagez]

I'm storing passwords in a database and don't want some Joe going in and finding out what the passwords are. So I was wondering how I make a one-way encryption to encrypt the password.

Thanks in advanced

[husain]

You can use the MD5 encryption technique. I use this class for encrypting text.

Code:

public class TextEncryption
{
  public TextEncryption()
  {
    // Empty constructor
  }

  public static string MD5(string text)
  {
    byte[] tempSource = ASCIIEncoding.ASCII.GetBytes(text);
    byte[] tempHash = new MD5CryptoServiceProvider().ComputeHash(tempSource);
    return ByteToString(tempHash);
  }

  private static string ByteToString(byte[] input)
  {
    StringBuilder s = new StringBuilder(input.Length);
    for (int i = 0; i < input.Length; i++)
    {
      s.Append(input[i].ToString("X2"));
    }
    return s.ToString();
  }  
}

[Cagez]

Thanks, works great

I'm new to C# and I couldn't get it working, then I realised the 'static' keyword! I kept creating a object And it took me a while to figure you were using System.Text also... What can I say

Thanks again

[husain]

I am so sorry! I forgot to mention what was supposed to be imported. Good you were able to figure it out

[SimonVega]

Just for future reference, I wrote this encryption class that uses the symmetric TripleDES algorithm. Alot of the encryption examples I've seen posted on the web make heavy use of the FileStream. I cut out the file i/o, and use the a MemoryStream as my backing store. You could use this class for tighter encryption.:

Code:

using System;
using System.Text;
using System.IO;
using System.Security.Cryptography;
using Encryption;

namespace Encryption {

    public class TripleDESEncryption {

	public static string EncryptData(string data, out byte[] desKey, out byte[] desIV) {		
   	    MemoryStream output = new MemoryStream();		
	    byte[] byteData = new UnicodeEncoding().GetBytes(data);

  	    //Use the TripleDES symmetric encryption algorithm to encrypt our data. Without an IV, the 			
   	    //same input block of plaintext will encrypt to same output block of ciphertext. IV guarantees 
	    //output of two identical plaintext blocks are different. 
	    TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider();
	    CryptoStream crypt = new CryptoStream(output, des.CreateEncryptor(), CryptoStreamMode.Write);
		
	    //Assign our crypto-generated key and iv values to our output arguments
	    desKey = des.Key; desIV = des.IV;
	    crypt.Write(byteData, 0, byteData.Length);			

    	    crypt.Close(); output.Close(); 		
	    return new UnicodeEncoding().GetString(output.ToArray());
	}

	public static string EncryptData(byte[] desKey, byte[] desIV, string data) {		
	    MemoryStream output = new MemoryStream();		
	    byte[] byteData = new UnicodeEncoding().GetBytes(data);

   	    //Use the TripleDES symmetric encryption algorithm to encrypt our data. Without an IV, the 			
  	    //same input block of plaintext will encrypt to same output block of ciphertext. IV guarantees 
	    //output of two identical plaintext blocks are different. 
	    TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider();
	    CryptoStream crypt = new CryptoStream(output, des.CreateEncryptor(desKey, desIV), CryptoStreamMode.Write);
	    crypt.Write(byteData, 0, byteData.Length);			

            crypt.Close(); output.Close(); 		
	    return new UnicodeEncoding().GetString(output.ToArray());
	}

	public static string DecryptData(string data, byte[] desKey, byte[] desIV) {
	    MemoryStream output = new MemoryStream();
	    byte[] byteData = new UnicodeEncoding().GetBytes(data);

  	    //Use the TripleDES symmetric encryption algorithm to decrypt our data. In order for the ciphertext to be
	    //successfully decrypted, the exact same key and iv must be used when initially encryted.
	    TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider();
	    CryptoStream crypt = new CryptoStream(output, des.CreateDecryptor(desKey, desIV), CryptoStreamMode.Write);
	    crypt.Write(byteData, 0, byteData.Length);

 	    crypt.Close(); output.Close(); 		
	    return new UnicodeEncoding().GetString(output.ToArray());
	}
    }
}

class CipherText {

    static void Main() {
	string password = "secret";
	//*************************
	byte[] key; byte[] iv; 		
	string cif = TripleDESEncryption.EncryptData(password, out key, out iv);
	Console.WriteLine(TripleDESEncryption.DecryptData(cif, key, iv));
	
	//**********************************************************************
        //NOTE: Key and IVector must be 16 bytes each
	//byte[] key = UnicodeEncoding.Unicode.GetBytes("abcdefgh");	
	//string cif = TripleDESEncryption.EncryptData(key, key, password);
	//Console.WriteLine(TripleDESEncryption.DecryptData(cif, key, key));
    }
}

[hellswraith]

SimonVega: What is the AKA 'Lethal' mean in your sig? Are you Lethal under a new name?

[SimonVega]

Yep, thats me..My Lethal account is all screwed up. I can log in but I can't reply or create threads. I've contacted the admins, hopefully I can get this squared away soon..

[hellswraith]

Cool,

My account had gotten screwed up a while back. Didn't know what happened, but I was allowed to recreate the same user name, but post count was lost along with searching for all my past posts....it sucks.

Did you take the MS test yet for .Net? I am still studying and learning. I have a lot to know before I can take them.

[SimonVega]

No, I haven't gotten around to taken any of them yet. I actually just got a new job last week as a C# developer for a software company. I'm part of the UI team for the first few months, so I've been brushing up on the GUI widgets and whatnot. Hopefully, I'll be ready for the windows exam here soon.

[basti42]

hello! SimonVega
ur class has has only 8 chars, how do create more than 8 characters?

[drattansingh]

Probably try Rijndael encryption.

Jennifer.