 |
| ASP.NET 1.1 As of 10/6/2005, this forum is locked as part of the reorganization described here: http://p2p.wrox.com/topic.asp?TOPIC_ID=35394. No posts have been deleted. Open ongoing discussions from the last week have been moved to either ASP.NET 1.0 and 1.1 Beginners http://p2p.wrox.com/asp-net-1-0-1-1-basics-60/ or ASP.NET 1.0 and 1.1 Professional. http://p2p.wrox.com/forum.asp?FORUM_ID=50. See my sticky post inside for more. |
Welcome to the p2p.wrox.com Forums.
You are currently viewing the ASP.NET 1.1 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
|
|
|
|
August 18th, 2004, 09:06 AM
|
|
Friend of Wrox
|
|
Join Date: Jun 2004
Posts: 245
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Encrypt and Decrypt password
Hello
I am trying to take passwords and encrypt it before sending to database. Then store in database as encrypted. Then when need to retrieve password, I want to get encrypted password and decrypt before displaying to user.
I know about 2 types MD5 and SHA1.
The only example I found was using FormsAuthentication.HassPasswordForStoringInConfig File.
Can I use this as long as I don't store it in config file?
But I realized there is no example on how to decrypt this.
Also I noticed in FormsAuthentication there is Encrypt and Decrypt method.
Can anyone give me a simple code as example?
|
|
August 18th, 2004, 09:19 AM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 1,101
Thanks: 0
Thanked 2 Times in 2 Posts
|
|
MD-5 Encryption isn't reversable...(I belive the same is true for SHA-1).
You would encrypt the PW and store it. When the user enters a password, you would encrypt that and compare the encypted strings. if they match, the source PW matches...
Hal Levy
Web Developer, PDI Inc.
NOT a Wiley/Wrox Employee
|
|
August 18th, 2004, 10:37 AM
|
|
Friend of Wrox
|
|
Join Date: Jun 2004
Posts: 245
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
You can't decrypt SHA1 of MD5?
When user forget their passwords how do I get that password if these encryption types are no decryptable???
What is the standard way to store passwords user enter to register?
My guess was that the password gets stored encrypted but when they forget it then I would have to decrypt it.
|
|
August 18th, 2004, 10:41 AM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 1,101
Thanks: 0
Thanked 2 Times in 2 Posts
|
|
Ok.. I belive I said that... You can't decrypt them.. Therefore, you couldn't get their passwords....
Many sites store plaintext.. others store encrypted.. create new temp passwords and email them to people who forget their passwords and then they can reset to something they know.. others have reminder questions that will cause people to possibly remember their account.. there are many tools sites have used.. visit a few :)
Hal Levy
Web Developer, PDI Inc.
NOT a Wiley/Wrox Employee
|
|
August 18th, 2004, 11:05 AM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 1,998
Thanks: 0
Thanked 3 Times in 3 Posts
|
|
Hey,
You don't want to store it using a hash then. Hashing is a one-way operation. Use another type of encryption that uses a public key/private key. Using these keys, this is how you would decrypt the data.
Brian
|
|
August 18th, 2004, 06:43 PM
|
|
Friend of Wrox
|
|
Join Date: Jun 2004
Posts: 245
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Where can I find a simple example of this encryption that uses a public key/private key?
I can't find a example in a book.
Thank you all
|
|
August 19th, 2004, 03:35 AM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 518
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
visit following site, it will help you.
http://pajhome.org.uk/crypt/md5/
regards.
|
|
August 19th, 2004, 07:29 AM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 1,998
Thanks: 0
Thanked 3 Times in 3 Posts
|
|
Hey,
Look in the MSN for the System.Security.Cryptography namespace.
Brian
|
|
|
