Recently I have wanted to learn ASP.NET. Yes, I have to admit I lack experience in this field. I have made a program, by referring to YouTube, of a simple register and login page. The thing is, is it possible to modify the program so that every time a user registers, his password will be encrypted and stored in the database? I have done all the connection to the database, and the only problem I face is applying the encryption. Is it possible to apply AES to encrypt all the passwords when a user registers on that page? This is the link for my program: https://drive.google.com/open?id=0B617de01Nn1Ib2hQLTNfQVlJNzA

Apez
  • You should one-way hash passwords, not encrypt them. – May 08 '17 at 19:45
  • I agree with @Amy. Hashing is one-way, whereas encryption is two-way, meaning you can decrypt the value later. Ideally passwords should be hashed, and when the user provides their password to log in, you will hash it again and compare the two hashes instead. – Gururaj May 08 '17 at 19:47
  • @Amy Okay, this is new. Can you suggest a way to one-way hash it? A link for a reference? – Apez May 08 '17 at 19:47
  • @gururaj Okay, can you give me a link or a reference? Or it would be great if you could see my program and comment on it, or give some advice from it. – Apez May 08 '17 at 19:49
  • Sha256CryptoServiceProvider https://msdn.microsoft.com/en-us/library/system.security.cryptography.sha256cryptoserviceprovider(v=vs.110).aspx – Kevin May 08 '17 at 19:53
  • @Apez - You can google and you will find plenty of relevant Tutorials on Hashing and Encryption. Even MSDN will be a very good reference. https://msdn.microsoft.com/en-us/library/windows/desktop/aa382459(v=vs.85).aspx – Gururaj May 08 '17 at 19:56
  • @kevin It would be great if you could see my program and give me a couple of pieces of advice: which part I should start with, or which part I need to focus on. – Apez May 08 '17 at 19:59
  • If you wish us to see your code, post your code, not a link to it. That way you can only expose what code you need to and we don't take the risk of clicking on a link we don't know. – Kevin May 08 '17 at 20:05
  • You should never encrypt your users' passwords. You need to use hashing instead, with some strong ones being PBKDF2, bcrypt, scrypt and Argon2. Since hash functions are one-way functions, you won't be able to "decrypt" the hashes. In order to authenticate your user, you can run the password through the hash function again in order to compare with the hash that is stored in the database. See more: [How to securely hash passwords?](https://security.stackexchange.com/q/211/45523) – Artjom B. May 08 '17 at 20:06
  • Possible duplicate of [ASP.NET Identity default Password Hasher, how does it work and is it secure?](http://stackoverflow.com/questions/20621950/asp-net-identity-default-password-hasher-how-does-it-work-and-is-it-secure) – Artjom B. May 08 '17 at 20:08
  • This is my first time using Stack Overflow. Can you teach me how to post my code here, @kevin? – Apez May 08 '17 at 20:29
  • @Apez Click the edit button under the question, maybe? –  May 09 '17 at 12:47

0 Answers