0

I have a database column filled with plain text. The managers decided that it is too risky to store passwords in a database as plain text. So the problem is that I need to transfer all values in that given column to encrypted text and of course modify the business logic in C#. From now on the program should read the encrypted value from the database, decrypt the data and work with it, and of course if a new user registers I need to store the ecrypted value in the database. (But this is not a problem.) So is there a proper and secure way to encrypt this whole column (which is already in use as plain text) without breaking the behavior of the software?

Cœur
Tibor Balogh
  • 4
    It's equally bad to store encrypted passwords. You should be storing *hashed* passwords: [storing passwords in SQL Server](https://stackoverflow.com/questions/876342/storing-passwords-in-sql-server) – Alex K. Jun 08 '17 at 11:39
  • Do you ever do anything with passwords from the DB other than validate them? (For example, do you ever email a customer their current password?) – mjwills Jun 08 '17 at 11:50
  • 1
    Instead of encrypting/decrypting password, use the `PasswordHasher` class from asp.net to generate hashed versions of the entered password. You can also use the class to verify a password, without generating the exact same hash again. See this article: [PasswordHasher](https://msdn.microsoft.com/en-us/library/microsoft.aspnet.identity.passwordhasher(v=vs.108).aspx) – Lars Kristensen Jun 08 '17 at 11:52
  • 2
    Update your code locally, stop your services, hash all passwords in that column (do not encrypt as said above), publish updated code to server, start your services back. – Evk Jun 08 '17 at 11:57
  • You should read this: [Why your app’s security design could affect sales of Acai berries - Troy Hunt](https://www.troyhunt.com/why-your-apps-security-design-could/) – SqlZim Jun 08 '17 at 12:18
  • 1
    Why would you email a customer their password? Don't do that. If they forget their password make them reset it, don't email it to them... – Jacob H Jun 08 '17 at 12:42
  • 3
    @JacobH we left Sprint many many years ago because every time we'd call "customer service" the first thing they did after verification was 'remind' us what our password was. Yikes! – Rachel Ambler Jun 08 '17 at 13:59
  • Please fix your spelling: when you write _ecrypted_, do you mean "decrypted" or "encrypted"? – Cœur Jun 26 '18 at 08:53

1 Answer

0

1) Create a new column like hash_pwd;

2) Fill it with the hashed equivalent of the current password;

3) Change software to work with hash, not plain password;

4) Drop or clear the old column with plain passwords.

PS: It is a good idea to store not a simple hash (MD5/SHA) of the password but to add a static string, like HASH( plain_password + "my_string" ). This will protect the database from hash-dictionary hacks - e.g. if I know the result of HASH( "123456" ) and can find all users using password 123456.

i486
  • Using MD5 or SHA1 for secure hashes is not a good idea at all. Use strong hashing algorithms with preferably a random salt. – quinz Jun 08 '17 at 14:06
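
The answer's four steps with the last comment's advice applied (a slow, strong hash with a random per-user salt), as an added example that is not code from the question, the answer or any commenter. Assumptions: PBKDF2-HMAC-SHA256 via `Rfc2898DeriveBytes` as the algorithm, an iteration count of 210,000, an in-memory `DataTable` with constructed rows standing in for the real table, and a `login` column; only `hash_pwd` is the answer's own name.

```csharp
using System;
using System.Data;
using System.Security.Cryptography;

static class PasswordMigration
{
    const int Iterations = 210_000;            // assumed work factor; tune for your hardware
    const int SaltBytes = 16, HashBytes = 32;

    // Stored format "iterations.salt.hash" (Base64 fields) so parameters can be raised later.
    public static string Hash(string password)
    {
        byte[] salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);   // random per-user salt
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return $"{Iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(kdf.GetBytes(HashBytes))}";
    }

    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations)) return false;
        byte[] salt = Convert.FromBase64String(parts[1]);
        byte[] expected = Convert.FromBase64String(parts[2]);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            // Constant-time comparison (CryptographicOperations needs .NET Core 2.1 or later).
            return CryptographicOperations.FixedTimeEquals(kdf.GetBytes(expected.Length), expected);
    }

    static void Main()
    {
        // Constructed sample rows standing in for the existing plain-text column.
        var users = new DataTable();
        users.Columns.Add("login", typeof(string));
        users.Columns.Add("password", typeof(string));
        users.Rows.Add("alice", "123456");
        users.Rows.Add("bob", "123456");

        users.Columns.Add("hash_pwd", typeof(string));          // step 1: new column
        foreach (DataRow row in users.Rows)                      // step 2: fill it from the old one
            row["hash_pwd"] = Hash((string)row["password"]);
        users.Columns.Remove("password");                        // step 4: drop the plain-text column

        foreach (DataRow row in users.Rows)                      // step 3: logins check the hash only
            Console.WriteLine($"{row["login"]}: correct={Verify("123456", (string)row["hash_pwd"])} wrong={Verify("guess", (string)row["hash_pwd"])}");
        // Per-row salts: two users with the same password must not share a stored value.
        Console.WriteLine(Equals(users.Rows[0]["hash_pwd"], users.Rows[1]["hash_pwd"]));
    }
}
```

Against a live table, steps 2 and 4 belong in the maintenance window described in the comments on the question, and old backups still hold the plain-text column after it is dropped.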