I have a server application accepting login by multiple instances/users of a client application, over internet/socket connection. Usernames and passwords will be saved in a database on the server. But how do I save them securely? And how can authentication and sending of username/password from client be done securely? Currently I send everything as plain text strings.
There will be streaming data (financial; stock prices) between server/client, but this data is not critical, so I don’t really see the need to secure that.
You must use HTTPS for the transaction and store the password using a SHA-1 hash and salt.
http://en.wikipedia.org/wiki/Salt_%28cryptography%29
Adding some examples:
http://www.obviex.com/samples/hash.aspx
http://www.aspheute.com/english/20040105.asp
http://csharptest.net/?p=470