Encrypt Sensitive Data Easily

asp:feature

LANGUAGES: VB.NET

TECHNOLOGIES:Encryption | Security

Encrypt Sensitive Data Easily

Use this VB .NET module to keep passwords in ASP.NETapps away from prying eyes.

By Steve C. Orr

Here's a simple way you can make your apps appreciablymore secure. Simply add the following VB .NET module to your project and callthe HashData function to hash any sensitive data so it is secure from pryingeyes:

Imports System.Text

Imports System.Security.Cryptography

Module modEncrypt

  Public Function HashData(ByVals As String) As String

    'Convert the string toa byte array

    Dim bytDataToHash AsByte() = _

     (NewUnicodeEncoding()).GetBytes(s)

    'Compute the MD5 hashalgorithm

    Dim bytHashValue AsByte() = _

    NewMD5CryptoServiceProvider().ComputeHash(bytDataToHash)

    ReturnBitConverter.ToString(bytHashValue)

  End Function

End Module

Once your string parameter is hashed, it's computationallyinfeasible to determine the plain-text version.

Of course, this works better for some kinds of data thanothers. It works especially well for storing passwords in databases. When a newuser signs up, simply hash his or her password and store the hashed value inthe database. When the user logs in next time, hash the password and compare itto the hashed value you stored in the database. If the hashes match, admit theuser.

Note, however, that if your user forgets the password,even you will not be able to decipher it. Most companies deal with thissituation by auto-generating a new password and sending it to the user'sregistered e-mail address, or by implementing a system such as password hintsor secret question/answer pairs.

Steve C. Orr is anMCSD currently working with The Cadmus Group Inc. You can reach him at http://steve.orr.net.