Farmer

Reputation: 10983

Encrypt & Decrypt passwords using C#

I want to create an application that can encrypt and decrypt my passwords using C#.

My idea is simple. I will use Substring to extract each letter from the entered string and I will manipulate the ASCII code and convert it to another letter. I will use the same method to encrypt them.

How difficult is it for someone to decrypt my generated password?

I'm looking for either suggestions or example code.

Upvotes: 1

Views: 6249

Answers (4)

Bradford Hoagland

Reputation: 291

There is rarely ever a reason to store an encrypted version of a password. That creates a security vulnerability. Instead, it is usually best to store a one-way hash (such as using SHA1) of the password combined with a random salt. Then you always compare the hash of entered passwords against hashes stored in the database, rather than ever actually comparing passwords.

The benefit of this approach is that no one can determine what a user's password is, even if he or she gains access to the database. And the salt makes identical passwords appear different from one another.

The following is an example of the creation of a random salt using the System.Security.Cryptography namespace.

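```csharp
using System.Security.Cryptography;
// Fill a 10-byte buffer with cryptographically strong random bytes.
byte[] salt = new byte[10];
RandomNumberGenerator.Create().GetBytes(salt);
```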

You can combine the salt with the password and generate a one-way hash as follows:

```csharp
using System.Security.Cryptography;
using System.Text;

// Create a buffer that holds the UTF-8 password bytes followed by the salt.
byte[] passwordBytes = new byte[Encoding.UTF8.GetByteCount(password) + salt.Length];
int passwordLength = Encoding.UTF8.GetBytes(password, 0, password.Length, passwordBytes, 0);
salt.CopyTo(passwordBytes, passwordLength);

// Hash password || salt in one pass.
byte[] hash = null;
using (SHA512Managed hasher = new SHA512Managed()) {
  hash = hasher.ComputeHash(passwordBytes);
}
```

Store both the hashed password and the salt. When authenticating a user, use the same salt as that used when creating the stored hash to hash the password entered by the user. Compare this new hash to the one in the database.

Upvotes: 3

robert

Reputation: 34398

There are libraries that encrypt data for you. Their encryption algorithms are better than anything you can come up with. Use them.

Upvotes: 2

as-cii

Reputation: 13019

In .NET there are a lot of secure ways to encrypt. I think that instead of trying to implement a solution yourself, you should take a look at System.Security.Cryptography.

Upvotes: 9

Joel Etherton

Reputation: 37523

Caesar cyphers are notoriously insecure. Abandon this method as fruitless. Do more research on password protection.

Upvotes: 8
