6 Replies Latest reply: Feb 9, 2009 10:51 AM by levancho RSS

    Password Encryption

    rtalton Community Member
      Hi,
      I'm converting a MySQL/PHP back-end to MS SQL Server 2005/ ASP.NET 3.5 (using MS Visual Web Developer 2008 Express Edition to create new web services). I am using a SSL certificate for the website.
      I need a way to encrypt/decrypt visitors' login passwords. Any suggestions on how to accomplish this, and/or best practices? Thanks for any help!
        • 1. Re: Password Encryption
          2JZ Community Member
          One simple way is to call a php's encription. Here is mine.

          public function getEncryptionMD5( $MyString )
          {
          return md5( $MyString );
          }
          • 2. Re: Password Encryption
            rtalton Community Member
            No, I cannot use PHP--that's what I'm moving away from.
            This will all be done using a .NET web service.
            Thanks anyway.
            • 3. Re: Password Encryption
              ntsiii Community Member
              How about an MD5 hash? There is an AS library for it. A hash is not technically an encryption, though, as I have learned since posting this example.
              http://www.cflex.net/showFileDetails.cfm?ObjectID=556
              • 4. Re: Password Encryption
                rtalton Community Member
                Thanks Tracy.
                I downloaded your samples and am going through the asp login page. Although I will be using C# and a web service, this is a brilliant example for me to get started with. Yes, MD5 is what I was using with PHP so it will work well for me. I'm assuming that the ActionScript MD5 encrypt function will not return exactly the same result as the PHP MD5 version, so my users may have to update their passwords?
                Anyway, of particular interest to me was the aspx page's line:
                FormsAuthentication.HashPasswordForStoringInConfigFile("mypassword", "MD5")
                Since I'm new to .NET, this was a revelation. I'll be looking at this .NET functionality more closely to see how to compare the info sent in from the HTTPService to the stored password.
                So, thanks again!
                • 5. Re: Password Encryption
                  ntsiii Community Member
                  Actually, I would expect any MD5 implementation to behave identically.

                  Certainly the AS and .net implementations worked together.
                  • 6. Re: Password Encryption
                    levancho Community Member
                    all md5 implementations MUST return same hash for same given String, if they dont then there is something wrong,
                    maybe your php one uses salting or something more than just md5 ing the string?