asp.netPRO




asp:feature

LANGUAGES: VB .NET

TECHNOLOGIES: Encryption | Security

 

Encrypt Sensitive Data Easily

Use this VB .NET module to keep passwords in ASP.NET apps away from prying eyes.

 

 

Here's a simple way you can make your apps appreciably more secure. Simply add the following VB .NET module to your project and call the HashData function to hash any sensitive data so it is secure from prying eyes:

 

Imports System
Imports System.Text
Imports System.Security.Cryptography

Module modEncrypt
  Public Function HashData(ByVal s As String) As String
    'Convert the string to a byte array (UTF-16, little-endian)
    Dim bytDataToHash As Byte() = _
      (New UnicodeEncoding()).GetBytes(s)

    'Compute the MD5 hash of the bytes
    Dim bytHashValue As Byte() = _
      New MD5CryptoServiceProvider().ComputeHash(bytDataToHash)

    'Return the hash as hyphen-separated hex pairs
    Return BitConverter.ToString(bytHashValue)
  End Function
End Module

 

Hashing is a one-way operation: once your string parameter is hashed, it's computationally infeasible to work backward from the hash to the plain-text version.

 

Of course, this works better for some kinds of data than others. It works especially well for storing passwords in databases. When a new user signs up, simply hash his or her password and store the hashed value in the database. When the user logs in next time, hash the password entered and compare the result to the hashed value you stored in the database. If the hashes match, admit the user.

 

Note, however, that if your user forgets the password, even you will not be able to decipher it. Most companies deal with this situation by auto-generating a new password and sending it to the user's registered e-mail address, or by implementing a system such as password hints or secret question/answer pairs.

 

Steve C. Orr is an MCSD currently working with The Cadmus Group Inc. You can reach him at http://steve.orr.net.

 

 

 

 

© 2009 Penton Media, Inc.