Password encryption

Backend Unresolved 5 816
耶瑟儿~ 2021-01-14 15:38

I am creating a login screen for an application in C#. In my login screen I am reading the username and password from the database and checking whether the entered username

5 answers
  •  执念已碎
    2021-01-14 16:03

    First: The common approach now is to store the salted hash of the password, instead of the plain-text password itself (SHA-1 and better hashing algorithms are preferred; avoid MD5 because it's not safe any more). When the user logs in, you recalculate the hash of the input string, then compare it with the string stored in the database.

    EDIT: why shouldn't you use encryption for passwords? Because when the attacker knows the encryption key, all of your passwords will be exposed (that's very bad). If you use a hash, he can only guess one-by-one (and this is not easy). Besides, hash algorithms, in general, are faster than encryption, so you'll take the performance benefit.

    EDIT: why should you store a salted hash, instead of a plain hash? Because hashing algorithms guarantee that if you hash identical strings, the result is the same. This may lead to a problem: when the attacker sees the same hash values, he can guess that the texts were the same, and this gives him a chance to get the original password.

    Salt means that besides the original text, you add some random text, and therefore two identical strings will generate different hash values.

    Take a look at this: http://www.obviex.com/samples/hash.aspx

    In case the user forgets his password, you can use the reset password function, which many sites are using:

    1. The user requests a password reset.
    2. An email containing a special link (including a secret token/PIN) will be sent to the registered email address, which allows the user to reset his password.
    3. A randomly created password will be sent again to the user, then he can log in and change his password.

    UPDATE May 14th 2012: The answer seems to be old, and not completely true. People are moving to more secure hashing/encryption algorithms for storing passwords. One notable solution now is bcrypt, and another (new and promising) is scrypt.

    The advantage of these encryptions? They're slow! Much slower than hashing algorithms. With the power of GPUs (for example, CUDA from nVidia), cracking the hash value is not impossible now, and the slowness can make it much harder to crack these encryptions.

    You can find more about bcrypt at: http://codahale.com/how-to-safely-store-a-password/

    Second: You should separate the users table (containing user profiles, such as full name, DoB, address, ...) and the logins table (which contains the user name and password, and some special attributes). This will lead to better management and reduce the risk of exposing sensitive information.
