4

I want to encrypt passwords using the C# WPF. what is the best algorithm (and easy to implement) to use? and I want some example about how to use it ...

sikas
  • 5,435
  • 28
  • 75
  • 120
  • Do you want one way or two-way encryption? And there are plenty of samples at http://msdn.microsoft.com/en-us/library/system.security.cryptography.aspx where it lists all cryptoproviders in .Net. – Mikael Svenson Jul 17 '10 at 08:45
  • 3
    WPF is a UI framework and not related to encryption. I suggest you start looking here: http://www.c-sharpcorner.com/uploadfile/gsparamasivam/cryptencryption11282005061028am/cryptencryption.aspx – TimothyP Jul 17 '10 at 09:15
  • @Mikael Svenson: one way encryption would be fine, as I don`t need to reverse the encryption. I`m thinking of storing the password encrypted in a database then match the stored value with the encryption of the user-typed one. – sikas Jul 17 '10 at 17:41

1 Answers1

5

Do not try to create your own encryption algorithm rather use the cryptography classes provided in the .NET Framework through System.Security.Cryptography.

For passwords a good solution is to use a oneway encryption like a MD5 hash or SHA1. And when the user enters his/her password you compute the hash and compare it to the stored hash. The advantage of this is that you do not need to worry about how to securely store the key used to encrypt the passwords.

To increase the security of using a one way hash you can apply a salt, this help restrict the effectiveness of certain types of attackes like a dictionary attack etc. I have not read the wiki entry, but I am sure this will provide more detail.

Chris Taylor
  • 52,623
  • 10
  • 78
  • 89
  • Thanks a lot, I`ve used the MD5 hash before in my graduation project, but I was thinking of a better way of storing passwords. – sikas Jul 17 '10 at 17:44
  • @sikas, when it comes to securely storing passwords I am not aware of anything that is "better" than going with a salted hash. Of course you might have other requirements that a oneway hash does not address, if that is the case you should provide some criteria that you need to meet with your password storage solution. – Chris Taylor Jul 17 '10 at 19:12
  • I`m using access db to store all the data. So the passwords can be stored in a one-way encryption no need to reverse it ... I`ll check the salted hash idea. But do you know if it produce a fixed size string or is it variable sized? – sikas Jul 17 '10 at 20:11
  • The salt is added to the password then the combination is hashed, so the final hash is fixed size where MD5 would be 128 bits (16 bytes), SHA1 160 bits (20 bytes) etc. – Chris Taylor Jul 17 '10 at 21:12
  • Thanks, I think I`m gonna stick to the MD5 as I`ve used it before. – sikas Jul 18 '10 at 00:59