Password encryption in C#?

Question

How can I encrypt and decrypt passwords in C#? Thanks for any help.

Answer 1

UPDATED

See this answer: C# Password Encryption

-- or --

Read this post: http://csharptest.net/470/another-example-of-how-to-store-a-salted-password-hash/

---

There is lots of good and bad information on the internet about storing passwords. You need to know two things:

1. You should use a 'salted' hash to prevent dictionary attacks
2. You use at minimal the SHA256 hash provider

A quick search gave me this sample code: http://www.obviex.com/samples/hash.aspx

and I'd go with this SaltedHash utility class (looks fairly complete at a glance):

http://www.dijksterhuis.org/creating-salted-hash-values-in-c/

Answer 2

First, you're not actually going to save the encrypted password anywhere, rather you'd perform a one-way hash (e.g., SHA) store that hash. Then when you challenge a user for his password, you perform the same hash. If the new hash matches the stored hash, you've got a match.

The difference between a hash and encryption is that with encryption, you can recover the original text, where with a hash you cannot.

Read up on SHA (Secure Hashing Algorithm) and other hashing algorithms. This should give you a good start.

Even better, learn about the built in Membership API in .NET. It's almost trivial to implement and it manages all that unpleasantness about userid's, passwords, logging in, logging out and a lot more for you.