I am working on final project for my C# class. My project is a password management program. As I first thought to use just encrypting/decrypting file in AES but my professor pointed out that MS Access database would be much better choice.
My question is: how would I encrypt data in database using code I already have? So day I am referring to this article ( gutgames.com/post/AES-Encryption-in-C.aspx ) which works perfect and I can encrypt/decrypt data. Should I use thus code to encrypt ms access file? please post some useful links how would I encrypt my data.
Encrypting the Access file itself would limit your options regarding concurrent access and people being able to access different bits of the database. Your end goal should be to encrypt data /within/ the database, and ensure people can only access what they should be allowed to access. One of the common ways of securely managing passwords is to hash/encrypt the password and store that (for which the code you linked to would be fine). Upon login to whatever system the database is storing the passwords for, you would hash/encrypt the provided password and compare it to the stored one. If the user needs a new password, generate a new one, store the hashed/encrypted copy, and give the user their new password.
If you want to be able to recover the password (i.e. if you want a Forgot My Password function to give the user their password rather than give them a new one) encrypt it, so that’s it’s decryptable to provide back to the user. If you’re okay with just issuing new passwords, hash it.