Re: Decrypt
From: Jeff Louie (jeff_louie_at_yahoo.com)
Date: 11/26/04
- Previous message: Tampa .NET Koder: "RE: ASP.NET on charge!"
- In reply to: Vishal: "Re: Decrypt"
- Next in thread: Ben Amada: "Re: Decrypt"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 26 Nov 2004 13:09:43 -0800
Vishal... RC4 and DES are examples of two way algorithms. The .NET
cryptograhpy API has two way algorithms, but it is _not_ recommended
that you store the encrypted passwords on the server. If someone
compromises the server they can decrypt them. If you only store
hashcodes on the server, it will be difficult to recreate the password
table. In fact, don't just hash the passwords, but combine the password
with a random "salt" --> hash the result and store the hash and random
salt on the server. To verify the user's credentials, take the users
input, add it to the stored random salt --> hash the result and compare
it to the stored hash.
Regards,
Jeff
>Can anybody tell me which encryption is used
for two-way? So that I can encrypt/decrypt the passwords?<
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
- Previous message: Tampa .NET Koder: "RE: ASP.NET on charge!"
- In reply to: Vishal: "Re: Decrypt"
- Next in thread: Ben Amada: "Re: Decrypt"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
