Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 194
  • Last Modified:

Is it possible to encrypt the login table (username and password) with AES or DES

Thanks
0
turbot_yu
Asked:
turbot_yu
  • 4
  • 4
5 Solutions
 
Kevin CrossChief Technology OfficerCommented:
I usually do this from the application that logging into.  And I have never tried with username, but in theory should work the same as password.

What the methodology is using encryption/hashing is to NOT try to decrypt the data in the database, but instead encrypt/hash the data coming in from user and compare to database.

So what application platform are you using?  Each has their own API for this.
0
 
Kevin CrossChief Technology OfficerCommented:
For encryption within SQL server itself, which would allow you to use the same mechanism from application to application without having to copy code or use a shared web service like I use:

http://www.example-code.com/sql/aes_stringEncryption.asp
http://aspnet.4guysfromrolla.com/articles/022107-1.aspx
0
 
dportasCommented:
Encrypting passwords is bad practice. Better to generate a password hash and verify that at login. Hashing should be used in conjunction with password complexity rules to guard against dictionary-based attacks.
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
turbot_yuAuthor Commented:
The client side will be a PDA, windows mobile 6.

The server side will be a server, windows xp or windows server 2003, not fixed yet.

They request for AES or DES.
0
 
turbot_yuAuthor Commented:
http://www.example-code.com/sql/aes_stringEncryption.asp

Is it just work on the server side, the client just call the sql-pro?
Since I am quite new, may you give more details how it works.
0
 
Kevin CrossChief Technology OfficerCommented:
That procedure would work on the SQL server side, that is correct.  If you made this procedure take in a password as parameter and return you the encrypted/hashed version you could then utilize this procedure to hash the password before it is stored into database and then on your login process your username and password would be sent and this same procedure could be used to hash the client supplied password and then compare hash with value stored in database.

I too do not ever decrypt the passwords for this purpose, which is why I refer to as a has even though you are encrypting.  I would basically ignore the decrypt side of this. :)

What you will find is this is just protecting exposure of that data from attacks on the backend.  If you are transmitting this data from PDA to SQL server clear text (non-SSL) connection, then exposure is in the points between PDA and server (if goal here is security just thought I would mention).

Hope that helps.

Regards,
Kevin
0
 
turbot_yuAuthor Commented:
Hi Kevin

If I want to encrypt the password transfer between the cllient and server, do it mean I need to encrypt and decrypt the password at client side. Is there any way to do it, thanks.
0
 
Kevin CrossChief Technology OfficerCommented:
Are you talking about SSL communication?  As for encrypt/decrypt client side it would be up to the abilities of the program created to run on PDA.  Would be based on the language used and ability to use certain API/SDK toolsets on a mobile device.
0
 
turbot_yuAuthor Commented:
I am trying to encrypt the password in client device and send it into SQL server.

Also I will try to get the password from the server and decrypt it in the client device.

Is it possible, thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now