It is absolutely useless for encoding a password. What's cryptic about it? This code is designed to send binary data in text data, such as e-mail messages or HTTP. Everyone can decode it to the original password. This is nearly the same as storing unprotected passwords in their original form, which is absolutely not acceptable.
For encryption methods, see the namespace System.Security.Cryptography: http://msdn.microsoft.com/en-us/library/system.security.cryptography.aspx
For an introduction, read this: http://msdn.microsoft.com/en-us/library/92f9ye3s.aspx
You can use two approaches for passwords: "real" cryptography, for example, public-key cryptography (http://en.wikipedia.org/wiki/Public-key_cryptography) or a cryptographic hash function (http://en.wikipedia.org/wiki/Cryptographic_hash_function).
The approach with a cryptographic hash function is the simplest one. You apply the function to the password and store it in the hashed form. It is impossible to revert the hash and obtain the password. Nobody needs it, ever. When your software gets a password, it performs the same hash function and compares the result with the stored hash. The original password is never used, which adds to the security of this method. For the cryptographic hash function, use one of the "SHA" classes in System.Security.Cryptography: SHA512, SHA256, etc.
For an explanation of the "SHA" class of algorithms, see http://en.wikipedia.org/wiki/SHA2
Warning! Never use MD5 (http://en.wikipedia.org/wiki/MD5) for any security purposes! This function is considered "broken", so using it is unsafe.
[EDIT]
Pay attention to the important note below (thank you, Kim). Using a unique free parameter for the hash function per user also removes the risk of learning the password by a user who accidentally uses an identical password. The parameters can be stored along with the hashed passwords. Even if access to the password file is broken and someone reads the hashed passwords with the hash function parameters, it cannot help to revert the hash function to get the original password. To understand it, please read the Wikipedia article on cryptographic hash function I referenced above.
—SA
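The store-and-compare scheme with a per-user parameter described in the answer above, as an added example that is not part of the original post. It assumes .NET 6 or later and swaps a single SHA-256 pass for PBKDF2 over SHA-256 from the same namespace; the names `PasswordStore`, `Hash` and `Verify`, the salt size and the iteration count are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;

// Added example: class and method names, sizes and iteration count are assumptions.
static class PasswordStore
{
    const int SaltBytes = 16;        // per-user random parameter (salt)
    const int HashBytes = 32;        // SHA-256 output length
    const int Iterations = 210_000;  // assumed work factor; tune for your hardware

    // Returns "salt:hash" (both Base64) to store next to the user record.
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(hash);
    }

    // Recomputes the hash with the stored salt and compares in constant time.
    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split(':');
        if (parts.Length != 2) return false;
        byte[] salt, expected;
        try
        {
            salt = Convert.FromBase64String(parts[0]);
            expected = Convert.FromBase64String(parts[1]);
        }
        catch (FormatException) { return false; }   // corrupted record
        if (expected.Length != HashBytes) return false;
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }
}

static class Program
{
    static void Main()
    {
        const string password = "correct horse battery staple"; // constructed sample
        string alice = PasswordStore.Hash(password);
        string bob = PasswordStore.Hash(password);   // same password, different salt
        Console.WriteLine($"records differ: {alice != bob}");
        Console.WriteLine($"right password: {PasswordStore.Verify(password, alice)}");
        Console.WriteLine($"wrong password: {PasswordStore.Verify("wrong guess", alice)}");
    }
}
```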