I am using the RijndaelManaged object to encrypt and store passwords in my database. I currently have the key and vector arrays hard-coded into the object. Obviously, this is not great because somebody could get the keys and decrypt all the passwords. What is the best way to secure passwords, and where should these keys be stored for max protection?
Thanks.
If you could store the keys securely then Rijndael would be great.
But you can’t.
The general practice is: don't store the passwords at all. Store a hash of the password (+ username + salt) and recalculate that when the user tries to log in.