achieve password encryption

[Anton Sommer]

Hello folks,

how can I encrypt the password that an user enters in my normal login
window.


Thank you

Anton

[Pete]

Hi,
You might want to try this


public string GetEncryptedPassword(string sPass)

{

return
FormsAuthentication.HashPasswordForStoringInConfig File(sPass,"sha1");

}

"Anton Sommer" <anton.schamy_no_spam_@arcor.de> wrote in message
news:bprt45$8p3$07$1@news.t-online.com...

> Hello folks,
>
> how can I encrypt the password that an user enters in my normal login
> window.
>
>
> Thank you
>
> Anton
>
>

[Anton Sommer]

thank you for responding Pete,


but can you give me a few more details, I am not understanding how the
password should be encrypted client wise

thank you


Anton
"Pete" <peted "at" xboxracing dot net> schrieb im Newsbeitrag
news:ODtHRrPtDHA.640@tk2msftngp13.phx.gbl...

> Hi,
> You might want to try this
>
>
> public string GetEncryptedPassword(string sPass)
>
> {
>
> return
> FormsAuthentication.HashPasswordForStoringInConfig File(sPass,"sha1");
>
> }
>
> "Anton Sommer" <anton.schamy_no_spam_@arcor.de> wrote in message
> news:bprt45$8p3$07$1@news.t-online.com...

> > Hello folks,
> >
> > how can I encrypt the password that an user enters in my normal login
> > window.
> >
> >
> > Thank you
> >
> > Anton
> >
> >

>
>

[Pete]

Hi Anton,
Sorry I never comment code ;-(

All this does is encrypt a client passed string (password).

You could use this as follows:

1) User creates an account, you encrypt the password before storing in the
db with the userId
2) When a user logs on you encrypt the supplied (logon) password and compare
it with whats stored in the db.

All encryption is done on the server not the client so you'd be wise to use
SSL if your site has sensitive info.

Hope this helps a bit.

Pete



"Anton Sommer" <anton.schamy_no_spam_@arcor.de> wrote in message
news:bq87vb$d5p$05$1@news.t-online.com...

> thank you for responding Pete,
>
>
> but can you give me a few more details, I am not understanding how the
> password should be encrypted client wise
>
> thank you
>
>
> Anton
> "Pete" <peted "at" xboxracing dot net> schrieb im Newsbeitrag
> news:ODtHRrPtDHA.640@tk2msftngp13.phx.gbl...

> > Hi,
> > You might want to try this
> >
> >
> > public string GetEncryptedPassword(string sPass)
> >
> > {
> >
> > return
> > FormsAuthentication.HashPasswordForStoringInConfig File(sPass,"sha1");
> >
> > }
> >
> > "Anton Sommer" <anton.schamy_no_spam_@arcor.de> wrote in message
> > news:bprt45$8p3$07$1@news.t-online.com...

> > > Hello folks,
> > >
> > > how can I encrypt the password that an user enters in my normal login
> > > window.
> > >
> > >
> > > Thank you
> > >
> > > Anton
> > >
> > >

> >
> >

>
>

[Anton Sommer]

Thanks for responding Pete,

> All encryption is done on the server not the client so you'd be wise to

use

> SSL if your site has sensitive info.
>

Well I meant anyway encrypting the password on the way from the client to
the webserver, so is SSL then the only opportunity there? How could I
achieve it or are there different solutions to secure the transmission of a
password on the way from the client to the webserver.


Thanks

Anton



P.S. Ironically in my case it would help a lot to me if the browsers would
simply display the page as being secure (Key sign or locked lock sign)

[Pete]

> Well I meant anyway encrypting the password on the way from the client to
> the webserver, so is SSL then the only opportunity there? How could I
> achieve it or are there different solutions to secure the transmission of

a

> password on the way from the client to the webserver.
>

I'd say SSL is the way to go as any technology you employ on the client
could be
open to abuse. Besides, SSL does it all for "free" for you (apart from a
slight
performance overhead)

A client side solution would probably be script based unless your thinking
of
installing assemblies (possible if it's in the intranet though).
I think client-side code should be kept to a minimum...especially when it's
security related.

HTH

Pete