How to Encrypt/Decrypt password in C#?

encryption

(ivan.norin) #1

How can I encrypt the password and username in a C# program?


(Daniel) #2

A secure way to encrypt your passwords is to Salt them. This means that your program automaticly adds some random text to your password before Hashing it (which is how you can encrypt the password).

I’ll provide you with some more info. This is how I learned and applied it myself:

First thing you do is create a random salt value

byte[] salt = new byte[32];
System.Security.Cryptography.RNGCryptoServiceProvider.Create().GetBytes(salt);

Next we apply the salt to the password.

`   byte[] plainTextBytes = System.Text UnicodeEncoding.Unicode.GetBytes(plainText);`
    byte[] combinedBytes = new byte[plainTextBytes.Length + salt.Length];
    System.Buffer.BlockCopy(plainTextBytes, 0, combinedBytes, 0, plainTextBytes.Length);
    System.Buffer.BlockCopy(salt, 0, combinedBytes, plainTextBytes.Length, salt.Length);

Next we hash both the combined password and the salt.
First we create hash for the pasword and the salt.

System.Security.Cryptography.HashAlgorithm hashAlgo = new System.Security.Cryptography.SHA256Managed();
byte[] hash = hashAlgo.ComputeHash(combinedBytes);

Next we apply the salt to the hash.

byte[] hashPlusSalt = new byte[hash.Length + salt.Length];
System.Buffer.BlockCopy(hash, 0, hashPlusSalt, 0, hash.Length);
System.Buffer.BlockCopy(salt, 0, hashPlusSalt, hash.Length, salt.Length);

Finally we store the result in your database and voila.


(1337_BOT) #3

Just hash the passwords in a local file database, Daniel seems to have explained quite well how to improve your security, all that combined should set you up man.

You can spice up encryption as long as you understand what you’re doing, it’s actually really fun to try and make something and then have a friend or colleague try to crack it. You can get really good at it that way. Instead of paying a white hat to crack your stuff, just have a few friends have a whack at it lol.