I want to encrypt passwords using the C# WPF. what is the best algorithm (and easy to implement) to use? and I want some example about how to use it ...
+3
A:
Do not try to create your own encryption algorithm rather use the cryptography classes provided in the .NET Framework through System.Security.Cryptography.
For passwords a good solution is to use a oneway encryption like a MD5 hash or SHA1. And when the user enters his/her password you compute the hash and compare it to the stored hash. The advantage of this is that you do not need to worry about how to securely store the key used to encrypt the passwords.
To increase the security of using a one way hash you can apply a salt, this help restrict the effectiveness of certain types of attackes like a dictionary attack etc. I have not read the wiki entry, but I am sure this will provide more detail.
Chris Taylor
2010-07-17 11:52:11
Thanks a lot, I`ve used the MD5 hash before in my graduation project, but I was thinking of a better way of storing passwords.
sikas
2010-07-17 17:44:31
@sikas, when it comes to securely storing passwords I am not aware of anything that is "better" than going with a salted hash. Of course you might have other requirements that a oneway hash does not address, if that is the case you should provide some criteria that you need to meet with your password storage solution.
Chris Taylor
2010-07-17 19:12:22
@Chris Taylor: I`m using access db to store all the data. So the passwords can be stored in a one-way encryption no need to reverse it ... I`ll check the salted hash idea. But do you know if it produce a fixed size string or is it variable sized?
sikas
2010-07-17 20:11:40
The salt is added to the password then the combination is hashed, so the final hash is fixed size where MD5 would be 128 bits (16 bytes), SHA1 160 bits (20 bytes) etc.
Chris Taylor
2010-07-17 21:12:39
@Chris Taylor: Thanks, I think I`m gonna stick to the MD5 as I`ve used it before.
sikas
2010-07-18 00:59:45