Security :: MD5 / Encrypted Sources Can Result In The Same Crypted Array?
Mar 16, 2010
reading on the web ive found the code below; i wonder if an encrypted string using this block generates an unique result or if different encrypted sources can result in the same crypted array:
private static TripleDES CreateDES(string password)
{
MD5 md5 = new MD5CryptoServiceProvider();
TripleDES des = new TripleDESCryptoServiceProvider();
des.Key = md5.ComputeHash(Encoding.Unicode.GetBytes(password));
des.IV = new byte[des.BlockSize / 8];
return des;
}
I am using a standard implementation of the membership provider. I however, need to compare a supplied password (from a textbox) with a saved encrypted password. This is for a new security policy at work.
i'm having a problem with symmetric key and certificate. the issue is, this database i'm using now is restored from a different source and ever since, i've been having problem regarding the symmetric key or certificate the error message i'd get from the aspx web pages would be "Please create a master key in the database or open the master key in the session before performing this operation" yes i did open the master key
For testing I used this:[URL]Encrypts only the password is not encrypted and username.Why not?For security reasons, I would like also to encrypts username.
for maintain security, i encrypted my password and store in database like following
Dim PWD As String = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text.Trim(), "SHA1").Trim()
but problem is suppose user forget his password and need to know then how can i decrypted the password and send to the user?is there any other suitable way to handle password?
So if i encrypt connectionstrings and sections, how will i get their values inside my code?I don't want to decrypt the web.config, i just want to read the encrypted values.There must be a class.Maybe something from ConfigurationManager?I don't suppose it's automatically decrypted?
I've taken over a website which has around 3000 users registered using the standard asp.net membership provider on a SQL database. When the website was set up there were a lot of gaps in the system and we have a lot of tidying up to do of users with the same email addresses etc and invalid addresses so i'm just starting to look at how i can wrap all of this up and make administering the user accounts easier.
At the moment the account passwords are stored in "Hashed" format set in the web.config and obviously this doesn't allow for password retrieval. I want to know whether there is a way of converting all of these passwords from a hashed format to an encrypted format thus allowing me to create a password recovery page that doesn't then send the user a new password which is quite often something like "a*ns7#<3lx"
Ideally i'd like to convert all of these if that is possible so that I do a much simpler password retrieval system. If this is not possible can you tell me how i go about setting the passwordreset value not to contain all sorts of non-alpha/numberic characters?
For our website, we have decided we would like to maintain our user passwords as encrypted binary data in our database. We are using ASP.NET 3.5 to host our site and SQL Server Express 2008 for the database, both running on the same server. When a user logs in and submits a username and password, there will need to be some sort of encryption or decryption in order to verify the credentials. To me, it would appear that there are 3 ways to do this:
1)[C# Encyrption] On User creation, perform encryption in the Web App and submit the encrypted password to the database. To verify credentials at Login, perform the same encryption on the submitted password and ensure that it matches the value stored in the database.
2)[SQL Encryption] On User creation, submit the plain-text password to the database and have it perform one of the SQL encryption variants during INSERT. To verify credentials at Login, have the database perform decryption on the password during the SELECT statement, and compare the plain-text submitted password to the one in the database.
3)[Mix] On User creation, submit the plain-text password to the database, and have it perform one of the SQL encryption variants during INSERT. To verify credentials at Login, perform the same encryption algorithm used by SQL on the submitted password ( is this possible? ), and ensure that it matches the value stored in the database.
Does anybody have an opinion as to which of these options is best? Number 1) is the most familiar to me, and would be the easiest to use with LINQ to SQL ( which is our current data model ), so I am leaning towards that. But if there are better options I would love to know about them.
I have a small database, with a very small number of users. The passwords were stored as clear as the database was so small and held no sensitive data. The database is now to be expanded and passwords are required to be encrypted. I can change the Password Format in the web.config, but is there a way to change the existing passwords from clear to encrypted?
I need to know what would be the best choice of array to use given the following specifications. This array's size will be predermined upon the loading of the appication. All I want to do is be able to add values to this array and replace preexisting array items with new values without the array changing size. Someone suggested that I use a Dictionary Array Object? I would appreciate any suggestions.
I've created an Excel spreadsheet for my users to upload into my web application to bulk import memberships and roles into the application. There are up to 4 different roles which users can be members of so I'm using AddUsersToRoles to add the user to one or more roles in one line of code like this: r.AddUsersToRoles(usernames, CreateListOfRoles(Role1, Role2, Role3, Role4))
As this line of code expects a one-dimensional array of roles, I have created a function to take in the roles from my spreadsheet, add them into a one-dimensional array, and return that to the AddUsersToRoles method. The CreateListOfRoles function looks like this: [Code]....
The error that I'm getting though is "System.InvalidCastException: At least one element in the source array could not be cast down to the destination array type." I've stepped through the Function in debug mode and all the values look correct and there are the correct number of items in the array so I don't understand what's going wrong.
I have this ListView that has a Drop Down List.Everything works fine (I think/hope) except that the drop down list are not showing its result correctly.This is the code.
Front-End [Code]....
The code behind consist of the page_load and the ItemDataBound [Code]....
I'm having a problem with my Linq to XML query. I'm getting the result data I want, but it's nested so deep that there must be a better way.Here is my XML:
[Code]....
I'm trying to get a list (simple string[]) of all Item IDs where Category Names contains "Other".Here is my Linq:
[Code]....
[Code]....
Here is a snapshot of my result from Visual Studio:The results I want are there ("item100", "item400", "item500"), but buried so deeply in the results var.
Iam getting an array of list from database to client side(javascript array). Now my aim to place those values in a div one by one and that div should attach to the textbox similar to Autocomplete extender.
I'm trying to find open sources using asp.net and c# that are suitable to quickly build small web site without database, something like Joomla! but it uses php.
I'm looking to integrate a bunch of RSS/ATOM sources into a feed for our intranet. This is outside my usual realm of work so I've had very limited exposure to this.
I'd like to integrate all the feeds into a single reader such that all the news items are in chronological release order.
Is this doable? Do I need a special component? Or can I make the ASP.NET integrated components do all this simply enough?
I have a ReportViewer control on an ASP.Net page and an RDLC set up that uses a TableAdapter that pulls one record. This works fine.I'd like to have the *same* RDLC use a different TableAdapter (schema of table is the exact same, but may have multiple records). I've tried putting two DataSets in my RDLC and having the code dynamically select which one to use, but it's not working quite right for me.
Here is the situation. I need to hit ~50 servers and grab some data from a file. I then want to display a few rows for each in an ASP.NET GridView control.
I tried doing this with Threads/ThreadPool and successfully gather all the data in session.
What I'd like to do, and what I am having a hard time figuring out, is update the grid for the user after each server is done loading.
If I put the databinding code in the thread, it will only display whatever has loaded by the time the response is sent back to the client. If I take it out of the thread, I'd have to wait until all threads were done to send the response, and that doesn't do what I want.
I seeing some stuff about Asynchronous Client Callbacks, but I'm not sure if that's what I need to be using. I have no idea how to manipulate a GridView from Javascript.
