This post is kind of asking what I need but not very well... How to encrypt password
Essentially I have a model "User"
    Public Class User
        Public Property ID As Integer
        Public Property NickName As String
        Public Property EmailAddress As String
        Public Property Password As String
    End Class
I want to be able to do something like this....
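    Public Class User
        Public Property ID As Integer
        Public Property NickName As String
        Public Property EmailAddress As String

        ' Backing field: reading or assigning Password inside its own
        ' accessors would recurse without end.
        Private _password As String

        Public Property Password As String
            Get
                Return _password
            End Get
            Set(value As String)
                ' DoMyHashing: placeholder for the hashing routine (not defined here).
                _password = DoMyHashing(value)
            End Set
        End Property
    End Class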
Is there any way to do this simply?
EDIT : I have since started using BrockAllen.MembershipReboot which uses the federated identity system. It's much better than membership provider in my opinion!
Security is not something that should be taken lightly and even better not reinvented. Simple doesn't necessarily mean secure. So you could use the existing membership provider which already implements security for you and stores only hashed versions of passwords in the database.
And if you don't want to use the membership provider but implement password hashing yourself, here's a good guide you might consider going through before getting into coding.
Here's a secure way to generate password hashes:
To Store a Password
- Generate a long random salt using a CSPRNG.
- Prepend the salt to the password and hash it with a standard cryptographic hash function such as SHA256.
- Save both the salt and the hash in the user's database record.
To Validate a Password
- Retrieve the user's salt and hash from the database.
- Prepend the salt to the given password and hash it using the same hash function.
- Compare the hash of the given password with the hash from the database. If they match, the password is correct. Otherwise, the password is incorrect.
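
The store and validate steps above, applied to the question's User model as an added example (not code from the question or the answer). It swaps the single SHA256 pass for PBKDF2-HMAC-SHA256 via Rfc2898DeriveBytes, which takes the same salt but makes each guess cost many hash operations. Assumptions: .NET Framework 4.7.2 or later, and the names PasswordSalt, PasswordHash, SetPassword, VerifyPassword and the size and iteration constants are this example's own.

```vbnet
Imports System
Imports System.Security.Cryptography

Public Class User
    Public Property ID As Integer
    Public Property NickName As String
    Public Property EmailAddress As String
    ' Persist these two columns instead of the plain-text password.
    Public Property PasswordSalt As Byte()
    Public Property PasswordHash As Byte()

    Private Const SaltSize As Integer = 16        ' bytes (assumed value)
    Private Const HashSize As Integer = 32        ' bytes of derived output
    Private Const Iterations As Integer = 100000  ' work factor (assumed value)

    ' Store: fresh CSPRNG salt per password, then derive and keep both.
    Public Sub SetPassword(password As String)
        Dim salt(SaltSize - 1) As Byte
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        PasswordSalt = salt
        PasswordHash = Derive(password, salt)
    End Sub

    ' Validate: re-derive with the stored salt and compare the results.
    Public Function VerifyPassword(candidate As String) As Boolean
        If PasswordSalt Is Nothing OrElse PasswordHash Is Nothing Then Return False
        Dim actual As Byte() = Derive(candidate, PasswordSalt)
        ' Compare every byte so timing does not reveal the first mismatch.
        Dim diff As Integer = actual.Length Xor PasswordHash.Length
        For i As Integer = 0 To Math.Min(actual.Length, PasswordHash.Length) - 1
            diff = diff Or (actual(i) Xor PasswordHash(i))
        Next
        Return diff = 0
    End Function

    Private Shared Function Derive(password As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, Iterations,
                                            HashAlgorithmName.SHA256)
            Return kdf.GetBytes(HashSize)
        End Using
    End Function
End Class
```

Calling SetPassword twice with the same password yields different PasswordHash values because the salt differs each time; VerifyPassword still returns True for both records.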