Securing User Credentials

  • Hi there

    I just want some input, thoughts about securing login details.

    At the moment I have a varbinary field and, using a SQL Server certificate and symmetric key, I encrypt and decrypt the password as need be.

    Is this sufficient or should I consider using a salted-hash password via the .Net application itself?

    Thanks

  • Jako de Wet (4/2/2012)


    ...

    Is this sufficient or should I consider using a salted-hash password via the .Net application itself?

    Thanks

    Depends on what you are trying to accomplish. If you need something to be "totally" (meaning if you pick good passwords) secure, then you most likely will use the salted hash to introduce some form of randomness (or pseudo-randomness, depending) to prevent easily reverse engineering your encryption method.

    Now, in another application plain text may be just fine and what you have right now is overblown.

    All depends on the business requirements.


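The salted-hash option raised in the question, as an added example that is not part of the original thread: a per-user random salt and PBKDF2 computed in the .NET application, stored as salt followed by hash in one varbinary column. The class name, iteration count and record layout are assumptions, and the code needs .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;

// Added example: one-way, salted password storage done in the application.
// Sizes, iteration count and record layout are assumptions for illustration.
public static class PasswordHasher
{
    private const int SaltSize = 16;        // bytes, random per user
    private const int HashSize = 32;        // bytes, SHA-256 output length
    private const int Iterations = 600_000; // assumed work factor; tune to your hardware

    // Returns salt || hash, which fits a single varbinary(48) column.
    public static byte[] Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, HashSize);
        byte[] record = new byte[SaltSize + HashSize];
        Buffer.BlockCopy(salt, 0, record, 0, SaltSize);
        Buffer.BlockCopy(hash, 0, record, SaltSize, HashSize);
        return record;
    }

    // Recomputes the hash with the stored salt; nothing is ever decrypted.
    public static bool Verify(string password, byte[] record)
    {
        if (record is null || record.Length != SaltSize + HashSize)
            return false;
        byte[] salt = record.AsSpan(0, SaltSize).ToArray();
        byte[] expected = record.AsSpan(SaltSize, HashSize).ToArray();
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, HashSize);
        // Constant-time comparison avoids leaking how many bytes matched.
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }
}

public static class Program
{
    public static void Main()
    {
        const string pw = "correct horse battery staple"; // constructed sample
        byte[] a = PasswordHasher.Hash(pw);
        byte[] b = PasswordHasher.Hash(pw);
        // Same password, different salts: the stored records differ.
        Console.WriteLine(a.AsSpan().SequenceEqual(b));
        Console.WriteLine(PasswordHasher.Verify(pw, a));
        Console.WriteLine(PasswordHasher.Verify("wrong guess", a));
    }
}
```

Unlike the certificate and symmetric key setup, there is no key that turns the stored value back into the password; a login check only recomputes and compares.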
