Hi..

I want to encrypt and decrypt a password using c#.net.If any body knows please help me.

I want to encrypt and decrypt a password using c#.net.

Don't encrypt your passwords. You should use a method that isn't reversible, which is why cryptographically secure one-way hashing is a common practice. Add a salt to the password (so identical passwords don't produce the same hash), then hash the combination a number of times. Add the unhashed salt to the hash, convert to a base 64 string for storage portability, and you're done. To check a password for validity, extract the salt and create a new hash with it, then compare to the stored hash:

using System;
using System.Text;
using System.Collections.Generic;
using System.Security.Cryptography;

class Application {
    public static void Main()
    {
        string pass = "some kind of password";
        List<string> stored = new List<string>();

        for (int i = 0; i < 10; i++)
            stored.Add(MungePassword(pass, null));

        foreach (string s in stored) {
            if (CheckPassword(s, pass))
                Console.WriteLine("Password is valid");
            else
                Console.WriteLine("Password is NOT valid");

            Console.WriteLine("\t'" + pass + "'");
            Console.WriteLine("\t" + s);
        }
    }

    private static string MungePassword(string password, byte[] salt)
    {
        if (salt == null) {
            // Create a random salt if one isn't provided
            salt = new byte[8];

            using (var crng = new RNGCryptoServiceProvider())
                crng.GetBytes(salt);
        }
        else if (salt.Length < 8)
            throw new ArgumentException("Salt must be at least 8 bytes");

        byte[] bytes = new UTF8Encoding().GetBytes(password);
        var saltedPass = new byte[bytes.Length + 8];

        // Combine the salt and password
        Array.Copy(bytes, saltedPass, bytes.Length);
        Array.Copy(salt, 0, saltedPass, bytes.Length, 8);

        var hash = new SHA256Managed();

        // Hash a suitably large number of times
        for (int i = 0; i < 1000; i++)
            saltedPass = hash.ComputeHash(saltedPass);

        var storedPass = new byte[saltedPass.Length + 8];

        // Prepend the unhashed salt to the hash for duplication purposes
        Array.Copy(salt, storedPass, 8);
        Array.Copy(saltedPass, 0, storedPass, 8, saltedPass.Length);

        // Use a base 64 string for storage portability
        return Convert.ToBase64String(storedPass);
    }

    private static bool CheckPassword(string stored, string password)
    {
        byte[] storedPass = Convert.FromBase64String(stored);
        var salt = new byte[8];

        Array.Copy(storedPass, salt, 8);

        return stored == MungePassword(password, salt);
    }
}
Comments
Absolutely!
Good description on how it should be done

Use this(not my own code)

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Security.Cryptography;
using System.Data.SqlServerCe;

namespace Cloak
{
    class AesEncrypt
    {

        public AesEncrypt()
        {


        }

                               /*Where dataToEncrypt is the actual string you want
to encrypt/decrypt. password is a minimum 8 char string to disguise the pw.An example would be "12345678". Same rules with the salt. Remember all 3 variables have to be the same in the encrypt and decrypt function for it to work. If you plan on storing the pw in a database be sure to define the column as an nchar or varbinary variable or else you will get "padding cant be removed" errors */
        public  string EncryptA(string dataToEncrypt, string password, string salt)
        {
            AesManaged aes = null;
            MemoryStream memoryStream = null;
            CryptoStream cryptoStream = null;

            try
            {
                
                Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(password, Encoding.Unicode.GetBytes(salt));

                
                aes = new AesManaged();
                aes.KeySize = 256;
                aes.BlockSize = 128;
                aes.Key = rfc2898.GetBytes(aes.KeySize / 8);
                aes.IV = rfc2898.GetBytes(aes.BlockSize / 8);

                
                memoryStream = new MemoryStream();
                cryptoStream = new CryptoStream(memoryStream, aes.CreateEncryptor(), CryptoStreamMode.Write);

                
                byte[] data = Encoding.Unicode.GetBytes(dataToEncrypt);
                cryptoStream.Write(data, 0, data.Length);
                cryptoStream.FlushFinalBlock();

                //Return Base 64 String 
                return Convert.ToBase64String(memoryStream.ToArray());
            }
            finally
            {
                if (cryptoStream != null)
                    cryptoStream.Close();

                if (memoryStream != null)
                    memoryStream.Close();

                if (aes != null)
                    aes.Clear();
            }
        }

        public  string DecryptA(string dataToDecrypt, string password, string salt)
        {
            AesManaged aes = null;
            MemoryStream memoryStream = null;
            CryptoStream cryptoStream = null;

            try
            {
                //Generate a Key based on a Password, Salt and HMACSHA1 pseudo-random number generator 
                Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(password, Encoding.Unicode.GetBytes(salt));

                 
                aes = new AesManaged();
                aes.KeySize = 256;
                aes.BlockSize = 128;
                aes.Key = rfc2898.GetBytes(aes.KeySize / 8);
                aes.IV = rfc2898.GetBytes(aes.BlockSize / 8);

             
                memoryStream = new MemoryStream();
                cryptoStream = new CryptoStream(memoryStream, aes.CreateDecryptor(aes.Key,aes.IV), CryptoStreamMode.Write);

                
                byte[] data = Convert.FromBase64String(dataToDecrypt);
                cryptoStream.Write(data, 0, data.Length);
                cryptoStream.FlushFinalBlock();

                
                byte[] decryptBytes = memoryStream.ToArray();
                return Encoding.Unicode.GetString(decryptBytes, 0, decryptBytes.Length);
            }
            finally
            {
                if (cryptoStream != null)
                    cryptoStream.Close();

                if (memoryStream != null)
                    memoryStream.Close();

                if (aes != null)
                    aes.Clear();
            }
        }




  
        }


    


}

Edited 5 Years Ago by AlBars: n/a

This article has been dead for over six months. Start a new discussion instead.