Reputation: 27996
I have a users SQL Server table and I want to encrypt the password and save it in this table using ASP.NET. I also want the user to be able to get the password on the forgot password and edit profile pages, so I need to decrypt it as well. Which algorithm or encryption technique do I need to use?
Please suggest.
Upvotes: 1
Views: 8327
Reputation: 1537
The safest thing to do is to hash the password so that it can't be decrypted - thus no one else will know their password, including you & members of your company. When a user goes to forgot password - generate a temporary one and force them to reset it.
Upvotes: 1
Reputation: 499262
Don't encrypt a password into the database - hash it (using a salt).
Being able to retrieve a password is not something you really need. You need to enable people to log back in. Being able to decrypt a password means you may well be allowing people to know the passwords of your users.
I suggest reading "Everything you ever wanted to know about building a secure password reset feature" by Troy Hunt. It is a full analysis of the problems and solutions for implementing a secure password strategy.
Upvotes: 9