Reputation: 2898
There are a bunch of discussions on here regarding encrypting and decrypting strings but they are all quite a few years old and a lot has changed over the past few years.
For user passwords I use hashing so a password cannot be decrypted.
However, I have a few services I connect to on the back end and need to encrypt a password in a DB so it can be decrypted to run at a later time.
In the past I've used DPAPI. Is that still the "best" way to store this information in a DB?
Upvotes: 1
Views: 155
Reputation: 3886
The best way is "don't do it". If you keep credentials, someone will eventually steal them.
Most back ends have some way of granting an authorization token of some sort that you can use, so you don't need to keep sending a login/password.
There are "newer" ways of storing credentials like password vaults, secure storage and various types of hardware-based secure storage, but if your program can extract them as plaintext, an attacker can too.
Check into Kerberos Authentication. It uses tickets and encrypted mutual authentication to let devices trust each other, without needing to exchange or store plaintext credentials.
If you're on Windows, look into "Integrated Authentication" which usually uses Kerberos.
Upvotes: 4
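Added example, not code from the question or the answer: what the question's DPAPI approach looks like in PowerShell on Windows via .NET's `ProtectedData`, next to the "nothing to store" alternative the answer recommends (an `Integrated Security=SSPI` connection string). The function names `Protect-Secret` and `Unprotect-Secret`, the entropy string, the sample password and the server name `sql01.corp.example` are all made up for illustration. It runs on Windows only, since DPAPI is a Windows API.

```powershell
# Added example (not from the original post). Windows only: DPAPI does not exist elsewhere.
# On Windows PowerShell 5.1 ProtectedData lives in System.Security.dll, so load it explicitly.
Add-Type -AssemblyName System.Security

# Scope decides who can decrypt:
#   CurrentUser  -> any process running as this user (on this machine, or with a roaming profile)
#   LocalMachine -> any process on this machine, regardless of user
# This is the answer's point: whatever your service can decrypt, an attacker running in the same
# context can decrypt too. DPAPI narrows the blast radius; it does not remove the plaintext problem.
$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser

# Optional extra entropy. It is not a secret on its own (it has to be available to the decrypting
# code), but it stops other DPAPI users in the same scope from decrypting your blobs by accident.
# Hypothetical value chosen for this example.
$entropy = [System.Text.Encoding]::UTF8.GetBytes('example-app-entropy-v1')

function Protect-Secret {
    param([Parameter(Mandatory)][string]$PlainText)
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($PlainText)
    $blob  = [System.Security.Cryptography.ProtectedData]::Protect($bytes, $entropy, $scope)
    # Base64 is what you would put in the DB column; the blob is opaque outside the chosen scope.
    [Convert]::ToBase64String($blob)
}

function Unprotect-Secret {
    param([Parameter(Mandatory)][string]$Base64Blob)
    $blob  = [Convert]::FromBase64String($Base64Blob)
    # Throws a CryptographicException when run under a different user/machine than the one that
    # protected it, or when the entropy does not match.
    $bytes = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $entropy, $scope)
    [System.Text.Encoding]::UTF8.GetString($bytes)
}

# Constructed sample secret, standing in for a back-end service password.
$stored = Protect-Secret -PlainText 'example-service-password'
Write-Host "Stored blob:  $stored"
# Any code running as this user can do the next line, which is exactly the caveat in the answer.
Write-Host "Recovered:    $(Unprotect-Secret -Base64Blob $stored)"

# The alternative the answer recommends: authenticate as the process identity (Kerberos via
# Integrated Authentication), so no password exists to store or decrypt. Server name is hypothetical.
$connString = 'Server=sql01.corp.example;Database=AppDb;Integrated Security=SSPI;Encrypt=True'
$builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder($connString)
Write-Host "Integrated Security in use: $($builder.IntegratedSecurity)"   # True: no Password= key anywhere
```

Run it twice as the same user and the second `Unprotect-Secret` still succeeds; run `Unprotect-Secret` on the same blob from another account (or copy the blob to another machine) and it throws, which is the whole protection DPAPI gives you. Whatever identity the service runs as must therefore be treated as the real secret, and for a SQL Server or other Kerberos-capable back end the integrated connection string removes the stored password entirely.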