On that note, append a certain amount of characters to the beginning and end of the password before you hash it, and remove them when you retrieve the password. That what you meant, Joe? That's a good idea.

On Fri, Nov 14, 2008 at 10:46 AM, Joe Enos <[EMAIL PROTECTED]> wrote:
>
> Lots of answers regarding full encryption/decryption, just seems like
> overkill for simple password storage. Assuming the password is
> case-sensitive, which it definitely should be, I'm with the
> HashPasswordForStoringInConfigFile crowd - it's simple, fast, and
> doesn't require any public/private or symmetric key maintenance. It
> is also designed so that a password cannot be reverse engineered by
> design, so there's no chance that anyone will ever see your password
> in plain text ever again, without serious effort.
>
> The only thing I'd add is that you should salt your password before
> adding it to the database. For example, a simple salt would be the
> primary key appended to the beginning or end of the password, or mixed
> in, or something to that effect, as long as it's reproducible at the
> time of the user's login.
>
> On Nov 14, 3:08 am, "karthi keyan" <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I have just designed a registration form (Windows application) in C#. I am
> > using MS Access for storing the user information. I need to store the
> > password entered by the user in an encrypted manner.
> >
> > Can anyone help me out / guide me on this?
> >
> > Regards,
> > Karthikeyan