encrypt password

elloco999

Well-known member
Joined
Dec 21, 2004
Messages
49
Programming Experience
5-10
Hi,

I have an application that accesses a access db. In the db is a table called tblUser. It has two fields for storing usernames and passwords. Since anyone can open the db, I want to store the passwords encrypted.

I've been trying to figure out how to do this using the System.Security.Cryptography namespace. But all the encryption classes in this namespace use a stream to encrypt/decrypt things. Isn't there an easier way to encrypt the password? It is in a string, so if there is a way to simply encrypt the contents of the string?

And if not, how do I do this using a stream?

Thanks,
El Loco
 

TPM

Well-known member
Joined
Dec 7, 2004
Messages
623
Location
CA
Programming Experience
3-5
This will encrypt or decrypt 'text', it's not super secure, but it's not much overhead.

public function cryption (byval text as string)
dim strtempchar as string
dim i as integer
for i = 1 to len(text)
if asc(mid$(text,i,1)) < 128 then
strtempchar = ctype(asc(mid$(text,i,1)) +128, string)
elseif asc(mid$(text,i,1)) > 128 then
strtempchar = ctype(asc(mid$(text,i,1)) -128, string)
end if
mid$(text,i,1) = chr(ctype(strtempchar,integer))
next i
return text
end function
 

elloco999

Well-known member
Joined
Dec 21, 2004
Messages
49
Programming Experience
5-10
This is just fine for the way I want to use it! Thanks!

Greets,
El Loco
 

yp_prashanth

New member
Joined
Feb 28, 2005
Messages
1
Programming Experience
Beginner
This will encrypt or decrypt 'text', it's not super secure, but it's not much overhead.

public function cryption (byval text as string)
dim strtempchar as string
dim i as integer
for i = 1 to len(text)
if asc(mid$(text,i,1)) < 128 then
strtempchar = ctype(asc(mid$(text,i,1)) +128, string)
elseif asc(mid$(text,i,1)) > 128 then
strtempchar = ctype(asc(mid$(text,i,1)) -128, string)
end if
mid$(text,i,1) = chr(ctype(strtempchar,integer))
next i
return text
end function
 

elloco999

Well-known member
Joined
Dec 21, 2004
Messages
49
Programming Experience
5-10
Just out of curiosity;

yp_prashanth, why did you copy TPM's post? It doesn't add any value, does it?
 

JuggaloBrotha

VB.NET Forum Moderator
Staff member
Joined
Jun 3, 2004
Messages
4,524
Location
Lansing, MI; USA
Programming Experience
10+
TPM said:
T
if asc(mid$(text,i,1)) < 128 then
strtempchar = ctype(asc(mid$(text,i,1)) +128, string)
elseif asc(mid$(text,i,1)) > 128 then
strtempchar = ctype(asc(mid$(text,i,1)) -128, string)
mid$(text,i,1) = chr(ctype(strtempchar,integer))
does the '$' after the mid's serve a purpose? from what i can tell it doesnt, but i figured i should ask just in case that and i'm too lazy to research it at the moment
 

jmcilhinney

VB.NET Forum Moderator
Staff member
Joined
Aug 17, 2004
Messages
14,322
Location
Sydney, Australia
Programming Experience
10+

Rephistorch

Member
Joined
Oct 4, 2005
Messages
16
Programming Experience
3-5
JuggaloBrotha said:
does the '$' after the mid's serve a purpose? from what i can tell it doesnt, but i figured i should ask just in case that and i'm too lazy to research it at the moment
It doesn't anymore. The function was originally mid$ back in just BASIC, but now in .net you no longer need the $ character. As far as I know it was used so the interpreter would know what was a function or something.
 

TrtnJohn

Member
Joined
Feb 8, 2006
Messages
19
Programming Experience
10+
An easy and secure method is to use the SHA256 algorithm on your string. SHA is a one way hashing algorithm that is designed to create a unique hash value for your string. You just save the hash value into the database instead of the password. The next time a user enters his password, just compare the hash value generated from the password entered with the one stored in the database. The .NET runtime has a class called SHA256Managed that will do all the work for you. Here is more info from MSDN:

http://msdn2.microsoft.com/en-us/library/system.security.cryptography.sha256managed.aspx
 

oldbear

Member
Joined
Feb 27, 2006
Messages
19
Location
UK
Programming Experience
5-10
Hi

I'd avoid rolling your own encryption algorithm - every reference on encryption suggests avoiding this.

The cryptography namespaces in .Netoffer a lot of functionality, but you have to know what you're doing. I've written a white paper that gives lots of sample code for using symmetric and asymmetric algorithms:

http://www.charteris.com/publications/whitepapers/default.asp

It's entitled:

Cryptographic Algorithms – Guidance for Developers

and is available for free. It has lots of code samples.

Another option is the Cryptography Application Block that's part of the Microsoft Enterprise Library. Here's an MS presentation showing how to use it:

http://www.pnplive.com/Slides/22MAR2005%20Crypto%20Block%20Webcast.ppt

I'd tend to avoid using the DPAPI for anything other than storing your encryption key. If your server goes down, then you can't recover the data from the database, as the encryption is unique to either the user or the machine it runs on.

Hope this helps

Chris Seary
 
Top Bottom