-1

I have bankAccountnumber and routing number stored in SQL Server.

How can I encrypt that information in the most secure way?

What datatype should I use?

I want to use Hashcode with salt but I do not know how to decrypt?

SQL Server table

Salt    varbinary(250)  not null
bankAccountnumber binary(16)    not null

Code

For encryption, the code below works, but I do not know how to decrypt the bank account number. I do not know whether I am using the right datatype.

public void CreateNewAccount(AccountManagementView userAccount)
{
    byte[] salt = System.Text.Encoding.UTF8.GetBytes("hereissalt");
    byte[] hashedbankaccnumber = CreateSaltedField(salt, userAccount.bankAccountnumber);

    BuildInsertQueryForTable("User")
        .SetColumnToValue("ID", Guid.NewGuid())
        .SetColumnToValue("EmailAddress", userAccount.EmailAddress)
        .SetColumnToValue("Salt", salt)
        .SetColumnToValue("bankAccountnumber", hashedbankaccnumber)
        .ExecuteNonQuery();
}

This is the function generating the encryption key:

private static byte[] CreateSaltedField(byte[] salt, string bankAccountnumber)
{
    return new HMACMD5(salt).ComputeHash(System.Text.Encoding.UTF8.GetBytes(bankAccountnumber));
}

Can anybody help me?

John Saunders
user2205924
  • 3
    frankly, if you need to ask, you probably shouldn't be dealing with this sort of thing. – Marc B Dec 15 '14 at 21:43
  • Hahaha then how will it be secure?? You are leaving everything open :P – Tushar Gupta Dec 15 '14 at 21:44
  • 1
    It would be more secure with a more-experienced developer working on it. – John Saunders Dec 15 '14 at 21:49
  • *Hey, yeah, **great idea**. Let's post an answer here then we can hack into their bank!*. But in all seriousness if you need to ask this question you shouldn't *really* be working on this project. – AStopher Dec 15 '14 at 22:01
  • Gotta wonder who upvoted this and for what reason: http://puu.sh/dwcSs/47b2bb5498.png – AStopher Dec 15 '14 at 22:08
  • I don't think Bank Account Number is sensitive data. It's just a serial number but you must hash password and then binary compare that. – M.G.E Dec 15 '14 at 23:36
  • Start here: http://stackoverflow.com/questions/4948322/fundamental-difference-between-hashing-and-encryption-algorithms – Tim Williams Dec 16 '14 at 00:46

1 Answer

0

I want to use Hashcode with salt but I do not know how to decrypt?

You cannot use a hash with salt, such as SHAXXX. It is one-way encryption, and it is used for encrypting passwords.

You might want to look at TripleDESCryptoServiceProvider which is quite strong.

FYI: Normally, the bank knows what the requirement is, and this kind of requirement comes from the upper level. Please consult with your supervisor.

Win
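
Added example, not part of the original question or answer: the HMAC in the question cannot be reversed, so a value that must be read back needs reversible encryption. This sketch uses AES-GCM (swapped in here for the TripleDESCryptoServiceProvider the answer mentions) with a random nonce per record and the row ID bound as associated data. It assumes .NET 8 or later; the class and method names are hypothetical, and the key is generated inline only for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not code from the post. Names are hypothetical; assumes .NET 8 or later.
public static class AccountNumberProtector
{
    private const int NonceSize = 12; // AES-GCM nonce length in bytes
    private const int TagSize = 16;   // AES-GCM authentication tag length in bytes

    // Returns nonce || tag || ciphertext, which fits a varbinary column.
    public static byte[] Encrypt(byte[] key, Guid rowId, string accountNumber)
    {
        byte[] plaintext = Encoding.UTF8.GetBytes(accountNumber);
        byte[] blob = new byte[NonceSize + TagSize + plaintext.Length];
        Span<byte> nonce = blob.AsSpan(0, NonceSize);
        RandomNumberGenerator.Fill(nonce); // fresh random nonce for every record
        using var aes = new AesGcm(key, TagSize);
        // The row ID is bound as associated data, so a blob copied to another row fails to decrypt.
        aes.Encrypt(nonce, plaintext, blob.AsSpan(NonceSize + TagSize),
                    blob.AsSpan(NonceSize, TagSize), rowId.ToByteArray());
        return blob;
    }

    // Throws CryptographicException if the key, row ID or stored blob is wrong or was modified.
    public static string Decrypt(byte[] key, Guid rowId, byte[] blob)
    {
        if (blob.Length < NonceSize + TagSize)
            throw new CryptographicException("Stored value is too short.");
        byte[] plaintext = new byte[blob.Length - NonceSize - TagSize];
        using var aes = new AesGcm(key, TagSize);
        aes.Decrypt(blob.AsSpan(0, NonceSize), blob.AsSpan(NonceSize + TagSize),
                    blob.AsSpan(NonceSize, TagSize), plaintext, rowId.ToByteArray());
        return Encoding.UTF8.GetString(plaintext);
    }

    public static void Main()
    {
        // Constructed demo key and sample value; a real key comes from a key store, not the database.
        byte[] key = RandomNumberGenerator.GetBytes(32);
        Guid id = Guid.NewGuid();
        byte[] stored = Encrypt(key, id, "000123456789");
        string roundTrip = Decrypt(key, id, stored);
        Console.WriteLine(roundTrip == "000123456789");
        try { Decrypt(key, Guid.NewGuid(), stored); }
        catch (CryptographicException) { Console.WriteLine("blob moved to another row: rejected"); }
    }
}
```

The stored value is 28 bytes longer than the UTF-8 account number, so the question's binary(16) column cannot hold it; a varbinary column like the one used for Salt can.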