Am I encrypting my passwords correctly in ASP.NET
Posted
by
Nick
on Stack Overflow
See other posts from Stack Overflow
or by Nick
Published on 2011-03-11T08:06:27Z
Indexed on
2011/03/11
8:10 UTC
Read the original article
Hit count: 224
Filed under:
ASP.NET
|encryption
I have a security class:
public class security
{
private static string createSalt(int size)
{
//Generate a random cryptographic number
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] b = new byte[size];
rng.GetBytes(b);
//Convert to Base64
return Convert.ToBase64String(b);
}
/// <summary>
/// Generate a hashed password for comparison or create a new one
/// </summary>
/// <param name="pwd">Users password</param>
/// <returns></returns>
public static string createPasswordHash(string pwd)
{
string salt = "(removed)";
string saltAndPwd = string.Concat(pwd, salt);
string hashedPwd =
FormsAuthentication.HashPasswordForStoringInConfigFile(
saltAndPwd, "sha1");
return hashedPwd;
}
}
This works fine, but I am wondering if it is sufficient enough.
Also, is this next block of code better? Overkill?
static byte[] encrInitVector = new byte[] { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
static string encrKey = "(removed)";
public static string EncryptString(string s)
{
byte[] key;
try
{
key = Encoding.UTF8.GetBytes(encrKey.Substring(0, 8));
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
byte[] inputByteArray = Encoding.UTF8.GetBytes(s);
MemoryStream ms = new MemoryStream();
CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(key, encrInitVector), CryptoStreamMode.Write);
cs.Write(inputByteArray, 0, inputByteArray.Length);
cs.FlushFinalBlock();
return Convert.ToBase64String(ms.ToArray());
}
catch (Exception e)
{
throw e;
}
© Stack Overflow or respective owner
