Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a WinForms application, with login form, and I want to store the username and password encrypted in a SQLite database. I saw that I can use salt and hash, but I don’t know how to encrypt the password in the code, and compare it when we authenticate.
Any help please?
You will need to take the username and password (the password from a masked text box, preferably with a second box for confirmation) salt it, and create a hash from the password, and then insert the plaintext username and salted hash of the password in to the database. You can then verify the users password in future by comparing the database stored version with a salted (same salt!) hash of what the user enters.
Note that each user should have their own salt which you randomly generate for that user when they create their account. (This is more secure that a global salt value which a hacker could discover).
Take a look at this article. It pretty much covers all the bases, but don’t use SHA-1 as recommended in the article. You want a slow hash function that is computationally expensive such as BCrypt, or PBKDF2 (which is included in .NET). See “What makes a good hash function for passwords”. (Thanks @CodeInChaos for pointing this out).
You can use Rfc2898DeriveBytes in System.Security.Cryptography to create the salted hash of the password, PBKDF2 style.
A good rule of thumb is that the number of iterations should cause the hashing operation to take about a second.