joe_pool_is Posted September 15, 2005 Posted September 15, 2005 I found a neat little command for encrypting passwords on my forms before storing them in my databases: HashPasswordForStoringInConfigFile, and I use it as such:strPwd1 = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPwd1.Text, "sha1");This does a wonderful job of turning any password into a large string of garble, but how do I convert it back into something usable so that I can compare my Visitors' passwords with what I have stored? I tried usingstrPwd2 = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPwd2.Text, "sha1"); if (strPwd1 == strPwd2) { // do stuff } else { // puke! }to compare what they punch in with what I have in the database, but it pukes every time! Quote Avoid Sears Home Improvement
Administrators PlausiblyDamp Posted September 15, 2005 Administrators Posted September 15, 2005 You don't. Hashing is a one way thing - this aids security because nobody can get a password back from a hash. If someone enters a password you need to hash that and then compared the new hash against the stored hash. Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
joe_pool_is Posted September 15, 2005 Author Posted September 15, 2005 Ah! Okay, I guess that makes sense. Thanks. Quote Avoid Sears Home Improvement
cyrilgupta Posted September 19, 2005 Posted September 19, 2005 Hashing Ah! Okay' date=' I guess that makes sense. Thanks.[/quote'] I think hashing makes perfect sense if you wish to protect your customers from your own employees. PHP has a similar function. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.