Solved

How to encrypt SQL Server passwords?

Posted on 2012-08-23
Last Modified: 2012-08-25
How can I encrypt and decrypt my plain text passwords in a SQL Server table? Currently they are in plain text so anyone can retrieve them.

Thanks.
Question by:Ricky66
5 Comments
 
LVL 1

Accepted Solution

by:
alansjunk earned 800 total points
ID: 38327449
There are methods available to do this, but you only encrypt something if you want to decrypt it later.

Another option is to Hash the password and store the result in the table.

Next time a user logs in, you hash the password they logged in with and then compare that hash to the one stored in the database. If they're the same, the password was entered correctly.

Hash values cannot typically be reverse engineered.

Google 'Hash passwords' for the environment you are working in.
0
 
LVL 9

Expert Comment

by:Vijaya Reddy Pinnapa Reddy
ID: 38327805
0
 
LVL 23

Assisted Solution

by:Michael Fowler
Michael Fowler earned 600 total points
ID: 38327981
Here is a static class I created to encrypt/decrypt strings. I stored the password and salt in the solution's resources. So you need to either set up a string1 and string2 in the resources or change Properties.Resources.string1 and Properties.Resources.string1 in the GetKey function to something else.

Michael

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

namespace Bus_Status.Model.Static_Classes {
   static class vault {
      /****************************************************************************************************************/
      #region Public Methods

      public static string Encrypt(string plainText) {
         RijndaelManaged key = GetKey();
         byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
         using (ICryptoTransform encryptor = key.CreateEncryptor()) {
            using (MemoryStream memoryStream = new MemoryStream()) {
               using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write)) {
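                  // Write the full UTF-8 byte count; plainText.Length counts chars and truncates non-ASCII input
                  cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);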
                  cryptoStream.FlushFinalBlock();
                  return Convert.ToBase64String(memoryStream.ToArray());
               }
            }
         }
      }

      public static string Decrypt(string encryptedString) {
         RijndaelManaged key = GetKey();
         byte[] encryptedData = Convert.FromBase64String(encryptedString);
         using (ICryptoTransform decryptor = key.CreateDecryptor(key.Key, key.IV)) {
            using (MemoryStream memoryStream = new MemoryStream(encryptedData)) {
               using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read)) {
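                  byte[] plainText = new byte[encryptedData.Length];
                  int decryptedCount = 0, read;
                  // A single Read may return fewer bytes than remain, so read until the stream is exhausted
                  while ((read = cryptoStream.Read(plainText, decryptedCount, plainText.Length - decryptedCount)) > 0) {
                     decryptedCount += read;
                  }
                  return Encoding.UTF8.GetString(plainText, 0, decryptedCount);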
               }
            }
         }
      }

      #endregion
      /****************************************************************************************************************/
      #region Private Methods

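      //Create encryption key
      //Key and IV are derived from the same fixed password and salt, so they are identical on every call
      //and equal plaintexts always produce equal ciphertexts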
      private static RijndaelManaged GetKey() {
         RijndaelManaged key = new RijndaelManaged();
         byte[] passwordBytes = Encoding.UTF8.GetBytes(Properties.Resources.string1);
         byte[] saltBytes = Encoding.UTF8.GetBytes(Properties.Resources.string2);
         PasswordDeriveBytes p = new PasswordDeriveBytes(passwordBytes, saltBytes);
         key.IV = p.GetBytes(key.BlockSize / 8);
         key.Key = p.GetBytes(key.KeySize / 8);
         return key;
      }

      #endregion
      /****************************************************************************************************************/
   }
}

0
 
LVL 14

Assisted Solution

by:Vel Eous
Vel Eous earned 600 total points
ID: 38328339
Do not use an encryption method for storing passwords in your database.  Use a hashing algorithm on the plain text in conjunction with a salt.

Also do not use MD5 or SHA as these are general purpose and "relatively" easily broken, instead use something like BCrypt:

http://bcrypt.codeplex.com/
0
 

Author Closing Comment

by:Ricky66
ID: 38333275
Thanks
0
