0

I have this password, let's say it is:

Testabc123

And it is stored in the database, but the password field in the database is showing the password Testabc123. I want it so that when a user opens the database, the password field is no longer showing Testabc123, but something that another user can't access. Only the user who knows his password does.

Any help?

Thank you

Your answer is much appreciated!

Ondrej Janacek
Kaoru

4 Answers

3

Do not store plain-text passwords in a database. Use a hash function on the password such that the string stored in the database is unreadable. Another user can't do anything with that string, even if he knows it. You must still make sure the other user cannot change the password field, otherwise even that won't help, because he could just copy the hash of his own password there.

Check some other questions (or google) on storing passwords in a database. There should be a lot of information on this around.

PMF
0

Have you tried to use a salted hash to save your password? Or with encryption?

Have a look at Password encryption

Community
wterbeek
0

Never store passwords as plain-text in your database. Encrypt them, or even better, hash them. The .NET library that I use to hash my passwords is BCrypt.NET

Loetn
0

Like the other posters mentioned, never store passwords in the database in plain text or encrypted. Hash them first, and in your login process, hash the provided password and compare it to the hash from the database. Here is some code for hashing:

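// Namespaces the code below needs (place the members inside a class).
using System.Security.Cryptography; // MD5, SHA1, SHA256, SHA384, SHA512
using System.Text;                  // Encoding, StringBuilder

//Author: Racil Hilan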
/// <summary>Defines the function used in generating the hash.</summary>
public enum HashAlgorithm { MD5, SHA1, SHA256, SHA384, SHA512 }

//Author: Racil Hilan
/// <summary>Hashes a string using the specified algorithm.</summary>
public static string HashString(string StringData, HashAlgorithm Algorithm) {
  System.Security.Cryptography.HashAlgorithm alg;
  switch (Algorithm) {
    case HashAlgorithm.MD5:
      alg = MD5.Create();
      break;
    case HashAlgorithm.SHA1:
      alg = SHA1.Create();
      break;
    case HashAlgorithm.SHA256:
      alg = SHA256.Create();
      break;
    case HashAlgorithm.SHA384:
      alg = SHA384.Create();
      break;
    case HashAlgorithm.SHA512:
    default:
      alg = SHA512.Create();
      break;
  }
  // Dispose the algorithm instance once the hash has been computed.
  using (alg)
    return HashString(StringData, alg);
}

//Author: Racil Hilan
/// <summary>Hashes a string using the provided algorithm.</summary>
private static string HashString(string StringData, System.Security.Cryptography.HashAlgorithm Algorithm) {
  byte[] Hashed = Algorithm.ComputeHash(Encoding.UTF8.GetBytes(StringData));
  return BytesToHex(Hashed);
}

//Author: Racil Hilan
/// <summary>Converts a byte array to a hex string.</summary>
private static string BytesToHex(byte[] bytes) {
  StringBuilder hex = new StringBuilder();
  foreach (byte b in bytes)
    hex.AppendFormat("{0:X2}", b);
  return hex.ToString();
}
Racil Hilan