April 2, 2012 at 7:42 am
Hi there
I just want some input, thoughts about securing login details.
At the moment I have a varbinary field and using a SQL Server certificate and symmetric key, I encrypt and decrypt the password as needs be.
Is this sufficient or should I considering using a salted-hash password via the .Net application itself?
Thanks
April 2, 2012 at 8:15 am
Jako de Wet (4/2/2012)
...Is this sufficient or should I considering using a salted-hash password via the .Net application itself?
Thanks
depends on what you are trying to accomplish. if you need something to be "totally" (meaning if you pick good passwords) secure then you most likely will use the salted-hash to introduce some form of randomness (or sudo-randomness depending) to prevent easily reverse engineering your encryption method.
now in another application plain text may be just fine and what you have right now is over blown.
all depends on the business requirements.
For performance Issues see how we like them posted here: How to Post Performance Problems - Gail Shaw[/url]
Need to Split some strings? Jeff Moden's DelimitedSplit8K[/url]
Jeff Moden's Cross tab and Pivots Part 1[/url]
Jeff Moden's Cross tab and Pivots Part 2[/url]
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply