LANGUAGES: VB .NET
TECHNOLOGIES: Encryption | Security
Encrypt Sensitive Data Easily
Use this VB .NET module to keep passwords in ASP.NET apps away from prying eyes.
By Steve C. Orr
Here's a simple way you can make your apps appreciably more secure. Simply add the following VB .NET module to your project and call the HashData function to hash any sensitive data so it is secure from prying eyes:
Public Function HashData(ByVal s As String) As String
'Convert the string to a byte array
Dim bytDataToHash As Byte() = _
'Compute the MD5 hash algorithm
Dim bytHashValue As Byte() = _
Once your string parameter is hashed, it's computationally infeasible to determine the plain-text version.
Of course, this works better for some kinds of data than others. It works especially well for storing passwords in databases. When a new user signs up, simply hash his or her password and store the hashed value in the database. When the user logs in next time, hash the password and compare it to the hashed value you stored in the database. If the hashes match, admit the user.
Note, however, that if your user forgets the password, even you will not be able to decipher it. Most companies deal with this situation by auto-generating a new password and sending it to the user's registered e-mail address, or by implementing a system such as password hints or secret question/answer pairs.
Steve C. Orr is an MCSD currently working with The Cadmus Group Inc. You can reach him at http://steve.orr.net.