What is the most standard encryption technique used in sql server for asp.net c# enterprise level application? . i am talking with respect to standards like md5 or sh1 etc, hashing
+2
A:
What you describe is called hashing, not encryption.
I think you can use some form of SHA-2, possibly after concatenating with a 'salt' string. Most common platforms provide built-in functions for such hashing algorithms. Details: http://en.wikipedia.org/wiki/SHA-2
Reasamp
2010-05-28 10:40:06
+1
A:
I've generally found Md5 (with salt) to be quite common.
However
I've seen time and time again, where the login page(s) are done via standard http! This is a bigger concern then someone hacking into web-server/ SQL box and getting hold of the passwords.
Read about the Cookiemonster Attack for more information regarding 'Man in the Middle' type security issues.
Darknight
2010-05-28 11:07:23
+1
A:
- Enterprise applications don't store passwords. They use NTLM/Kerberos integrated security and rely on impersonation and constrained delegation to secure access end-to-end.
- Hashing and/or encryption as a means to protect against accidental media loss is much better served with Transparent Data Encryption, which encrypts an entire database transparently.
- Password hashing against a compromised host disclosure of passwords which opens the potential of password reuse on unrelated sites can use built-in hashing functions like
HashBytes. As long as the hash is properly used (correctly salted). But with a compromised host the battle is already lost.
Remus Rusanu
2010-05-28 17:07:43