Requesting and hiding passwords

crom

I would appreciate a pointer to any advice on handling passwords:
- asking for a password (inputbox, textbox, other)
- hiding the password as it is typed
- encrypting the password in a password file
(Sorry - newbie)
 
You can hash a password and store it in just about any file, .txt/xml/registry etc. If you hash the password that they choose then it won't be possible for anyone to just open the file and read it. The only thing is that you will have to hash every password they use when they log in and compare it against the stored hashed password. There's a link below that explains a bit about hashing.




http://www.obviex.com/samples/hash.aspx
 
If you hash the password it can't be retrieved again, it can then only be compared for verification if the user inputs the password again. So in effect the application is not storing the password.

There are several classes in System.Security.Cryptography that will allow you to encrypt/decrypt. There is an example for the RijndaelManaged class here http://msdn2.microsoft.com/en-us/library/system.security.cryptography.rijndaelmanaged.aspx (Remember to store the key/iv, these are the unique keys/salt that enable you to decrypt previously encrypted data.)
 
Thanks everyone. I have now implemented a facility using dialogbox/textbox.passwordchar and it works just fine. I'm now reading up on your hash links so I can protect the password file.

One small query: I can't use the big blob (chr(249)) to conceal my passwords as a foreign symbol appears instead. An asterisk is OK though.
 
JohnH said:
If you hash the password it can't be retrieved again, it can then only be compared for verification if the user inputs the password again. So in effect the application is not storing the password.

Maybe I've misunderstood your post, but the impression I get is that you think that using hashing is not a good way to 'conceal' passwords. I personally always use this method for access to sensitive information because of the fact that it is 'one way'. Using cryptography in the .NET Framework is OK but it is easier to 'get a hold' of the password if someone unscrupulous wanted to do so. I don't want passwords to be retrieved again once they are entered, just, as you say, provide a way to compare the entered password and the stored one.
 
vis781, that depends upon if you want a 'remember my password' feature for the application or if you just want it to lock in on a user that must always log in manually. Two altogether different features - and neither exclusive to crom's request. But if you choose to hash the password the same data can't be used to 'auto-login' since the application then doesn't know the password.
 