0

Thinking of making a little modification to my login form: instead of putting the password in my code as a variable, is there a way I can encrypt it and store it in a text file, so every time I want to log in it compares against the password from the text file?

```csharp
private void button1_Click(object sender, EventArgs e)
{
    string username1 = "Richard";
    string password1 = "Peugeot";

    if (this.textBox1.Text == username1 && this.textBox2.Text == password1)
    {
        MessageBox.Show("Welcome Richard!", "Welcome");
        Form1 frm = new Form1();
        frm.Show();
        this.Hide();
    }
    else
        MessageBox.Show("Incorrect username or password", "Bad credentials");
}
```
alexzandria
  • 1
    Basically, you're looking for string encryption, which is well documented, see [Encrypt/Decrypt string in .NET](http://stackoverflow.com/questions/202011/encrypt-decrypt-string-in-net). – w5l Apr 16 '13 at 07:31
  • 1
    Have you googled it yourself for at least a second, and what have you tried so far? (Oh, and as an answer to your question: yes, that's possible.) – Bart Teunissen Apr 16 '13 at 07:31

3 Answers

2

You sure can, simply write the password SHA1 - or better - SHA2-encrypted in your file and compare it every time (thanks J. Steen for mentioning!), but I strongly encourage you to not do this - this is not secure at all.

akluth
  • 1
    And even for an insecure method like this, please don't suggest MD5. That hash algorithm is cryptographically broken. In fact, SHA1 is also fairly insecure. SHA2 seems like a (currently) robust enough algorithm to use. =) – J. Steen Apr 16 '13 at 07:43
2

I would suggest storing your password hashed rather than encrypted (hashing is one-way whereas encryption is reversible). I have written about this here (Password storage, how to do it right).

I have also written a piece of code to hash the string using SHA512, the code is in VB.NET but it should be pretty simple to move it over to C#, the code is available here (Calculate the SHA512 hash of string or file).

If you hash the password and compare it to the hash you have stored in the file, if the two match then they have provided the same password as was hashed originally.

As J. Steen mentioned in the comment below, I hadn't made it clear that you should also salt your hashes; this is adding a predefined string to the password prior to hashing it. This makes it harder for anyone to brute force the plain text. So for example if the password was Password1 (I know, what an amazing password) you would add a string that you would store in your application to the beginning, like ~{}:@>?!"£$)&(*$. You would then hash the value ~{}:@>?!"£$)&(*$Password1. When you want to check that the user has supplied the same password in the login, you use the same salt and whatever password they supply.

Hopefully that explains it, if not and you feel the first link doesn't help you understand feel free to let me know :D

Sam Jenkins
  • Completely agree with you on that, I mention that in the first link. I'll add that to the answer as well though :) – Sam Jenkins Apr 16 '13 at 08:08
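
The salted-hash-in-a-file check described in this answer, as an added example that is not code from the original post or its linked articles. It swaps the fixed application-wide salt and single SHA512 pass for PBKDF2-HMAC-SHA512 with a random salt per password, and assumes .NET 6 or later; the `PasswordFile` class, the `iterations:salt:hash` file format, the iteration count and the temp-file path are illustrative choices.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
// Added example: PasswordFile, Save, Verify and the file format are assumptions.
static class PasswordFile
{
    const int SaltSize = 16;        // bytes of random salt, generated per password
    const int HashSize = 32;        // bytes of derived key stored in the file
    const int Iterations = 210_000; // PBKDF2 work factor; assumed value, tune for your hardware

    // Writes "iterations:salt:hash" (Base64 fields) to path; the plaintext is never stored.
    public static void Save(string path, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA512, HashSize);
        File.WriteAllText(path, $"{Iterations}:{Convert.ToBase64String(salt)}:{Convert.ToBase64String(hash)}");
    }

    // Re-derives the hash from the attempt using the stored salt and iteration count.
    public static bool Verify(string path, string attempt)
    {
        if (!File.Exists(path)) return false;
        string[] parts = File.ReadAllText(path).Trim().Split(':');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations < 1)
            return false; // malformed record: fail closed
        try
        {
            byte[] salt = Convert.FromBase64String(parts[1]);
            byte[] expected = Convert.FromBase64String(parts[2]);
            if (expected.Length != HashSize) return false; // an empty or truncated hash must never match
            byte[] actual = Rfc2898DeriveBytes.Pbkdf2(attempt, salt, iterations, HashAlgorithmName.SHA512, HashSize);
            // Constant-time comparison so timing does not reveal how many bytes matched.
            return CryptographicOperations.FixedTimeEquals(actual, expected);
        }
        catch (FormatException) { return false; } // Base64 fields were tampered with or corrupted
    }
}
static class Program
{
    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "login.hash"); // constructed sample location
        PasswordFile.Save(path, "Password1");
        // Correct password verifies; a wrong-case attempt does not.
        Console.WriteLine($"{PasswordFile.Verify(path, "Password1")} {PasswordFile.Verify(path, "password1")}");
        File.Delete(path);
    }
}
```

In the login form from the question, the `textBox2.Text == password1` comparison would become a call to `PasswordFile.Verify` with the path of the stored file.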
0

Well, you could make the program have its own encryption code. For example, have it change all 'a' to "kra/".

But as someone mentioned above, this is not really safe. But depending on your use, it may not have to be.

Stuppp
  • 2
    Please don't suggest things like this, encryption and hashing within .NET are probably easier to do than creating your own substitution method and are vastly more secure. – Sam Jenkins Apr 16 '13 at 07:54