Create a free Team What is Teams? Collectives on Stack Overflow. Learn more. Encryption and decryption ASP.
NET [closed] Ask Question. Asked 6 years, 9 months ago. Active 4 years, 10 months ago. Viewed 3k times. Samrikan Samrikan 63 1 1 silver badge 9 9 bronze badges. There's plenty of simple examples on the Internet for encryption and decryption and hashing , which is probably more along the lines of what you should be doing.
We're not tutorial finders. In any case, rolling your own security mechanism is not something to be undertaken by anyone. If you have to ask how to do it, that's a good sign you shouldn't be doing it and should instead use something pre-built.
ThomasLindvall Are you trying to say I should encrypt a password, when the user logs in encrypt the password they typed in and match it with the stored original encrypted password? Samrikan, no that's not what he is trying to say. You should never be encrypting passwords and storing them. You should only be storing the hashes of the passwords which is quite different.
Here's a good start: stackoverflow. What kind of project are you working on? NET Identity it takes care of all the encryption and user management. Add a comment. Active Oldest Votes. Community Bot 1 1 1 silver badge. Tarik Tarik 10k 1 1 gold badge 20 20 silver badges 35 35 bronze badges. Edited my answer accordingly. Sha is better suited to message integrity issues rather than password encoding. It is too fast — phil soady. Show 2 more comments. As oscar explained in a comment, you shouldn't try and reinvent membership.
Nzall Nzall 3, 5 5 gold badges 26 26 silver badges 57 57 bronze badges. Why you should use hashing rather than encryption: If you use encryption, then you will need to have a key. What does Hashing do differently? A small code sample: using System.
Why do we need to use this encryption and decryption processes? In a Client -Server Application, security is a very important factor. By using this process, we can hide the original data and display some junk data. Based on this, we can provide some security for our data. For this, we are using the encryption and decryption techniques, which are done by using a technique called Cryptography.
Cryptography is the science of writing in the secret code and is an ancient art; the first document made use of cryptography in writing, which dates back to circa B. Cryptography is necessary, when communicating over any an untrusted medium, which includes just about any network, particularly the Internet. There are five primary functions of Cryptography which are:. In Cryptography, we start with the unencrypted data, referred to as a plaintext. Plaintext is encrypted into cipher text, which will in turn usually be decrypted into a usable plaintext.
The encryption and decryption is based upon the type of Cryptography scheme, being employed and some form of key. Encoding data simply provides protection against data corruption when transferring that data from one place to another, such as across networks. Encryption is similar to encoding in that it is designed to be reversible. However, encryption uses a cryptographic algorithm to convert the data from one form to another, and only those with access to a particular cryptographic key are able to unscramble it back to its original form.
Finally, there is hashing, which shares a reliance on cryptography with encryption, but is a one-way process. Data that has been properly hashed cannot be unhashed or decoded. When a user registers with a web site, the password they provide is hashed and then the hashed value is stored in the database. When they attempt to log in subsequently, the password they provide is hashed, and the newly hashed value is compared to the one that has already been stored.
Hashing is deterministic in that it always produces the same result, given the same input. The data protection APIs provide mechanisms for encryption and hashing but this article is only concerned with encryption. Encryption requires a key, which is created and managed by the data protection system.
Keys are created with a default lifetime of 90 days, and stored in a suitable location according to the environment. Keys are temporary, so the data protection API is designed mainly for short term data protection scenarios such as encryption of authentication cookies or query string data. It is not designed for the protection of data that, for example, might be stored long term in a database.
0コメント