Problem in salt Encryption

Posted by Modit under ASP.NET on 3/8/2010 | Views : 3664 | Status : [Member] | Replies : 10
Hi , well i was making a project and required salt encryption in it. I am able to store salted password in the database but I am facing a little problem when i am checking for the username and password in the database. I am attaching the code that i have so far written.

Table name: Login
Fields Datatype
un varchar(50)
pass varchar(50)
salt int

When i run Default.aspx i am able to register the user with hashed value in the database, but am not able to check for the un and pass from the database using default2.aspx

I have uploaded the required project http://rapidshare.com/files/360650523/salt_encryption.rar.html . I would be really grateful if anyone can help me out.

Thanks and Regards,

Modit




Responses

Posted by: Vuyiswamb on: 3/9/2010 [Member] [MVP] [Administrator] NotApplicable

Up
0
Down
So what you are saying is that you are able to encrypt the password and store it in the db but you cant retrieve that encrypted and compare it with what the user have entered ?

Thank you for posting at Dotnetfunda
[Administrator]

Modit, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Modit on: 3/9/2010 [Member] Starter

Up
0
Down
yes, the password is successfully stored in the database but am not able to check for the same.

Modit, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Vuyiswamb on: 3/9/2010 [Member] [MVP] [Administrator] NotApplicable

Up
0
Down
As you have created a function to encrypt the password , then you need to create another function that will decrypt the password to normal readable text and check against it. Understand ?

Thank you for posting at Dotnetfunda
[Administrator]

Modit, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Modit on: 3/9/2010 [Member] Starter

Up
0
Down
well that is what my Default2.aspx page is doing, it it taking the username from textbox1 , according to it its taking the salt value stored in the database and then it is decrypting the password and matching it against the database. I am able to decrypt it but when i am checking it the condition is always returning false.

Modit, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Vuyiswamb on: 3/9/2010 [Member] [MVP] [Administrator] NotApplicable

Up
0
Down
Show me the Code that you use to Validate and show me the code that you use to decrypt

Thank you for posting at Dotnetfunda
[Administrator]

Modit, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Kunal2383 on: 3/9/2010 [Member] Starter

Up
0
Down
The question here is: how you are comparing it.

Better option for this will be the following:

string currentPwd = enteredPwd.Trim(); // change this line according to your code
string originalPwd = DecryptPassword(password).Trim(); // change this line according to your code

if(originalPwd.Equals(currentPwd))
{
// do whatever you want
}
else
{
// do whatever you want
}

Thanks & Regards,
Kunal Chowdhury | http://www.kunal-chowdhury.com | http://twitter.com/kunal2383

Modit, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Modit on: 3/9/2010 [Member] Starter

Up
0
Down
thank you guys for the suggestions, code working now . i have posted it here and waiting for an approval. will post the link once it has been approved.

Modit, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Abhi2434 on: 3/9/2010 [Member] [Microsoft_MVP] [MVP] Silver

Up
0
Down
I would rather use just MD5 hash algorithm for password encryption.

That means once the password is encrypted, it will not be decrypted by any means. by this way you might secure the password greatly. No one can decrypt the password, even they find your logic of encryption.

While I check, I will encrypt the password that feed in by the user and check both the encrypted string to match.

I am using it with great success for long time. If you want the code, let me know.

Cheers.

www.abhisheksur.com

Modit, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Modit on: 3/9/2010 [Member] Starter

Up
0
Down
Thanks man , I have the code for MD5 encryption. I know its easy , and simple to implement. But there are situations when you want that the passwords are unique for each and every user.

Modit, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Modit on: 3/9/2010 [Member] Starter

Up
0
Down
I am attaching the working code of the same.

http://rapidshare.com/files/361292702/salt.zip.html

Modit, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response