Reputation: 214
I want to convert a secure password into a secure hash code. What is the best method?
Like SHA1, MD5, or any combination?
string str ="Krishna";
Output:"!#$!$ASDFAS@#$%@";
Upvotes: 3
Views: 1448
Reputation: 2215
There are different ways to create a random piece of data that can be used for salting. The most common ones are:
Guid type
RNGCryptoServiceProvider class
To create a new random GUID, we invoke the NewGuid method on the Guid type. Once generated, we simply append the salt to the string to be encrypted.
    string saltAsString = Guid.NewGuid().ToString();
For creating a random string of digits by using the RNGCryptoServiceProvider class, we first initialize a provider and a byte array, and then invoke the GetBytes method on our provider instance.
    byte[] saltInBytes = new byte[8];
    RNGCryptoServiceProvider saltGenerator = new RNGCryptoServiceProvider();
    saltGenerator.GetBytes(saltInBytes);
    string saltAsString = Convert.ToBase64String(saltInBytes);
The following code is a modified version of the previous snippet to demonstrate salting.
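    // Requires: using System; using System.Security.Cryptography;
    //           using System.Text; using System.Windows.Forms;
    public void HashText()
    {
        string textToHash = "password";
        // A fresh salt per call; it must be kept with the hash to recompute it later.
        string saltAsString = Guid.NewGuid().ToString();
        byte[] byteRepresentation
            = UnicodeEncoding.UTF8.GetBytes(textToHash + saltAsString);
        byte[] hashedTextInBytes = null;
        MD5CryptoServiceProvider myMD5 = new MD5CryptoServiceProvider();
        hashedTextInBytes = myMD5.ComputeHash(byteRepresentation);
        string hashedText = Convert.ToBase64String(hashedTextInBytes);
        // Displays a Base64 string such as X03MO1qnZdYdgyfeuILPmQ==
        // (the value differs on every run because the salt is random).
        MessageBox.Show(hashedText);
    }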
Upvotes: 4
Reputation: 8885
I would strongly recommend using something like BCrypt instead of SHA1. Using SHA1 is not a great way to store passwords as it is very vulnerable to dictionary attacks, even with a salt. SHA1 is a fast algorithm and is designed to work against large amounts of data, fast. It is possible to calculate millions of hashes per second on even older computers.
BCrypt uses a modified encryption algorithm along with a salt which makes it expensive to calculate a single hash by using something called a work factor. It takes advantage of the fact that the attackers will need to calculate many hashes, while for legitimate verification you only need to calculate one.
Also read the excellent article, How to Safely Store a Password, for a more in-depth explanation.
Upvotes: 1
Reputation: 21636
This is what the default Membership Provider does:
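    // Requires: using System; using System.Security.Cryptography; using System.Text;
    internal string EncodePassword(string pass)
    {
        // Note: the salt generated here is not returned, so the caller cannot
        // recompute this hash later unless the salt is persisted separately.
        string salt = GenerateSalt();
        byte[] bytes = Encoding.Unicode.GetBytes(pass);
        byte[] src = Convert.FromBase64String(salt);
        // dst = salt bytes followed by password bytes
        byte[] dst = new byte[src.Length + bytes.Length];
        Buffer.BlockCopy(src, 0, dst, 0, src.Length);
        Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
        HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
        byte[] inArray = algorithm.ComputeHash(dst);
        return Convert.ToBase64String(inArray);
    }

    // Returns 32 random bytes from the OS CSPRNG, Base64-encoded.
    internal string GenerateSalt()
    {
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        byte[] buff = new byte[32];
        rng.GetBytes(buff);
        return Convert.ToBase64String(buff);
    }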
Upvotes: 1
Reputation: 9003
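    // Requires: using System; using System.IO; using System.Security.Cryptography;
    // JSON(obj) is the poster's own serialization helper and is not shown here.
    // key must be 16, 24, or 32 bytes and iv must be 16 bytes; the original 4-byte
    // placeholder "salt" is rejected by AesCryptoServiceProvider for both.
    public static string Cipher(object obj, byte[] key, byte[] iv)
    {
        string j = JSON(obj);
        using (AesCryptoServiceProvider aesAlg = new AesCryptoServiceProvider())
        {
            aesAlg.Key = key;
            aesAlg.IV = iv;
            ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);
            // Create the streams used for encryption.
            using (MemoryStream msEncrypt = new MemoryStream())
            {
                using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
                {
                    using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                    {
                        swEncrypt.Write(j);
                    }
                    // The writer is disposed above, so the final block has been flushed.
                    byte[] encrypted = msEncrypt.ToArray();
                    // Make the Base64 output URL-safe and drop the padding.
                    return Convert.ToBase64String(encrypted).Replace('/', '-').Replace('+', '_').Replace("=", "");
                }
            }
        }
    }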
Upvotes: 1