I need to be able to store user credentials in the database I'm looking after (SQL Server 2005 and it's use is being extended through IIS web services) securely.
What is best practice for encrypting passwords, storing them and then being able to compare hash's to determine if a set of credentials are in fact valid?
Anyone have any examples they'd be willing to share?
Regards