Create an MD5 Hash For a Password String
If you have to store passwords, you should never ever store them as plain text (no exceptions!). Chances are if someone creates a password for your site, they use it all over the place (even though they really should not). If someone got a hold of where you're storing these passwords (like a database table or on an old napkin), they potentially have access to usernames and passwords for bank accounts, private networks, and anything else that might need a password.
MD5 is a widely used hash algorithm that converts an input into a 32-digit hexadecimal number. While an MD5 hash is more secure than plain text, know that it's not perfect either. For instance, MD5 can be defeated through the use of a "rainbow table". Rainbow tables are precomputed lookup tables of hashes that can be used to determine the value behind a hash.
If you want to store passwords on your site, first hash them with MD5 and save the resulting string instead. Then, when the user tries to log on, hash the password they entered with MD5 as well and compare the two values to see whether valid logon information has been entered.
Below is a simple C# method that takes in a string and returns an MD5 hash.
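using System;
using System.Security.Cryptography;
using System.Text;

public string md5EncodeString(string inputString)
{
    // Hash this user's password information.
    using (MD5 md5HashObject = MD5.Create())
    {
        // UTF-8 gives the same bytes on every machine; Encoding.Default depends on the system code page.
        byte[] originalStringBytes = Encoding.UTF8.GetBytes(inputString);
        byte[] encodedStringBytes = md5HashObject.ComputeHash(originalStringBytes);
        // BitConverter returns "AB-CD-..."; strip the dashes to get the 32-digit hex string.
        return BitConverter.ToString(encodedStringBytes).Replace("-", "").ToLowerInvariant();
    }
}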
To make this more secure, you can add a salt to the string you are hashing. None of this is perfect, but at least saving a string as an MD5 hash is still a big advantage over saving it as plain text.