How do I make my Password Encrypted using Winform?

Question

0.00/5 (No votes)

See more:

I have done following things ,Now I want my password to be secured with any of Encryption Model like MD5. Please help me in Using Encryption Process.I just need to know about encryption .

private void button1_Click(object sender, EventArgs e)
       {

           string connection = "Server = JV66-INTERN\\SQLEXPRESS; Database = testdb; Trusted_Connection = True";

             SqlConnection connect = new SqlConnection(connection);

             connect.Open();
             //MessageBox.Show(connect.State.ToString());


             SqlCommand cmd = new SqlCommand("SELECT username,password FROM Users WHERE username='" + textBox1.Text + "' and password='" + textBox2.Text + "'", connect);

             string result;

             result = (string)cmd.ExecuteScalar();
           //  MessageBox.Show(result);


             if (result == textBox1.Text)
             {
                 LoggedInForm newf = new LoggedInForm(textBox1.Text.ToString());
                 newf.ShowDialog();

             }
             else
             {

                 MessageBox.Show("The Given Account is Not Present in Database");
             }

[edit]Code block added - OriginalGriff[/edit]

Posted 15-Jun-11 20:26pm

shoebass

Updated 15-Jun-11 20:30pm

OriginalGriff

v2

Add a Solution

Comments

Uday P.Singh 16-Jun-11 2:37am

MD5 is not an encryption technique, its an hashing algorithm, not clear what do you want to do with this code??

shoebass 16-Jun-11 3:02am

I yeah I got to learn that it is not encryption technique and has flaws and is not recommended these days for new application development as suggested by originalgriff. What I want is I have designed a login winform (C#) and database ,but the password to login is plain text it is not hashed or encrypted. The previous code is to just login into the system with valid username and password .
Now i want to make the password more secured and I am suggested to use SHA3. But I barely know how to use SHA3 . I read the article of OriginalGriff but have difficult time in understanding it. If you understood my problem I would be more than glad to get some directions.

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2011-06-15T20:32:00

Solution 1

MD5 is not an encryption algorithm - it is a hashing algorithm. The difference is that hashing is not reversible, and does not require an encryption key - for passwords it is the way to go. However, MD5 is officialy classed as broken - you should use SHA instead.

There is a Tip / Trick here that will help: Password Storage: How to do it.[^]

Posted 15-Jun-11 20:32pm

OriginalGriff

Comments

CS2011 16-Jun-11 3:03am

Nice answer. My 5+

Sergey Alexandrovich Kryukov 16-Jun-11 4:29am

Absolutely. My 5. Hashing algorithm can be used for passwords, of course.
--SA

OriginalGriff · Answer 2 · 2011-06-15T20:36:00

On a separate note, do not do your database access like that: it is an invitation to a deliberate or accidental SQL Injection attack which could destroy your database. Use Parametrized queries instead:

SqlCommand cmd = new SqlCommand("SELECT username,password FROM Users WHERE username=@UN and password=@PW", connect);
cmd.Parameters.AddWithValue("@UN", textBox1.Text);
cmd.Parameters.AddWithValue("@PW", textBox2.Text);
string result;

result = (string)cmd.ExecuteScalar();

walterhevedeich · Answer 3 · 2011-06-15T20:37:00

Solution 3

Depending on your needs, you may want to choose your own encryption algorithm. You may want to read about the different types of encryption algorithms. For a simple one, you may want to try out the following links.

Simple Encryption in C#[^]
Simple Decryption in C#[^]

Posted 15-Jun-11 20:37pm

walterhevedeich