0

I am creating an application which stores multiple passwords of a user. First user has to provide his/her user-name plus password, and after successful login he'll be given all his saved passwords.

I am using md5 encryption method. I've successfully integrated md5 in my log-in module. But the problem is, how can I encrypt the stored passwords (in a file), as there is no legal way to decrypt md5 hash. Please suggest an algo.

Any help would be greatly appreciated!

Muhammad Ali Dildar
  • 1,467
  • 6
  • 24
  • 35
  • MD5 is hashing algorithm not an encryption so theoretically (in case of MD5 theoretically) you can not revert back an initial value – sll Oct 07 '11 at 19:13
  • 1
    See this SO post with encrypt example http://stackoverflow.com/questions/1073822/c-encrypt-an-object/1074375#1074375 – sll Oct 07 '11 at 19:15

4 Answers4

3

You could use AES Algorithm

Following article may help you to get started:

Keep Your Data Secure with the New Advanced Encryption Standard

The Advanced Encryption Standard (AES) is a National Institute of Standards and Technology specification for the encryption of electronic data. It is expected to become the accepted means of encrypting digital information, including financial, telecommunications, and government data. This article presents an overview of AES and explains the algorithms it uses. Included is a complete C# implementation and examples of encrypting .NET data. After reading this article you will be able to encrypt data using AES, test AES-based software, and use AES encryption in your systems.

Predator
  • 1,267
  • 3
  • 17
  • 43
3

You would want to use a symmetric encryption algorithm like AES, or 3DES. MD5 is not encryption, it's hashing, and the original password is not actually preserved.

CodingGorilla
  • 19,612
  • 4
  • 45
  • 65
  • 1
    It means you people want to say that md5 (and other hash algos) can only be used for log-in purpose but not to preserve the sensitive data. Is it? – Muhammad Ali Dildar Oct 07 '11 at 19:18
  • @MuhammadAliDildar Exactly, as I said, the original password is not a part of the results of the MD5 hash, so the only way to "guess" the password is to run hundres-of-thousands of hashes and see if they match. See: http://stackoverflow.com/questions/1240852/is-it-possible-to-decrypt-md5-hashes – CodingGorilla Oct 07 '11 at 19:25
  • Do you recommend if I create my own encryption algorithm? – Muhammad Ali Dildar Oct 07 '11 at 19:28
  • It would seem a lot more reasonable to use one of the existing algorithms, as implementing your own encryption algorithm is no small task. – CodingGorilla Oct 07 '11 at 19:31
  • 2
    @MuhammadAliDildar: Do not try to create your own algorithm, if you are not a cryptographer. Even then, you would want to publish it first and wait some years to see if others can find weaknesses, before productive use. – Paŭlo Ebermann Oct 07 '11 at 19:42
1

MD5 is not an encryption algorithm. It's a one-way hash. A one-way hash algorithm is suitable for authenticating users because you only ever hash their entered password (and compare it with the saved hash). You cannot decrypt a hash and display their passwords.

You need an encryption algorithm.

Edward Thomson
  • 74,857
  • 14
  • 158
  • 187
1

I am creating an application which stores multiple passwords of a user. First user has to provide his/her user-name plus password, and after successful login he'll be given all his saved passwords.

Since you are using C#, I'm assuming you are working on Windows and not a Mono project. First, the user proved his/her identity when they logged on, so there's no need to ask them to do so again.

Second, use Data Protection API (DPAPI). Its the standard way of storing user secrets on a Windows system. (cf Writing Secure Code, Chapter 9, p. 305). On earlier version of .Net, you will need to interop. On later versions of .Net (3.5, IIRC), it is available via the CLR.

Finally, MD5 is broken so it should not be used for cryptographic purposes. NIST recommends a security level of 112 bits (cf, Special Publication 800-57). Ditto for ECRYPT.

If you must discard DPAPI, use SHA-224 or higher as the hash for a password based key derivation function. Encrypt the file with 3-key TDEA, AES, Camellia, etc. Use an authenticated encryption mode (EAX, CCM, GCM) to detect tampering. If you don't have an authenticated encryption mode, you will need to add authenticity assurances yourself with a CMAC or HAMC (DPAPI does it for you).

Jeff

jww
  • 97,681
  • 90
  • 411
  • 885
  • No, don't use a normal fast hash as key derivation function. Use a slow hash (PBKDF 2 with high factor, bcrypt, scrypt are examples). – Paŭlo Ebermann Oct 09 '11 at 20:07
  • "PBKDF 2 with high factor, bcrypt, scrypt are examples" - bcrypt and scrypt are outside my normal working algorithms (I usually must use NIST, NESSIE, or IEC/ISO approved algorithms). – jww Oct 09 '11 at 20:28
  • 1
    Then use PBKDF 2, at least. A single hash to derive an encryption key from a password is too easily bruteforce-able. – Paŭlo Ebermann Oct 09 '11 at 21:05
  • "Then use PBKDF 2" - yes, definitely agree there. I'll clean up the sloppy answer. – jww Oct 09 '11 at 21:47