DevForce 2009: Password Encryption

Password Encryption

Printed From: IdeaBlade
Category: DevForce
Forum Name: DevForce 2009
Forum Discription: For .NET 3.5
URL: http://www.ideablade.com/forum/forum_posts.asp?TID=1001
Printed Date: 31-May-2025 at 8:02pm

Topic: Password Encryption

Posted By: LesleySastro
Subject: Password Encryption
Date Posted: 13-Nov-2008 at 12:48pm

In DevForce Classic I used the following statement to store encrypted passwords in the database

return IdeaBlade.Util.CryptoFns.MD5HashUTF16ToString(pPassword.Trim() + pSalt.Trim());

I'm currently in the process of migrating/rewriting that application to DevForce EF and I have noticed that the above function does not exist in assembly Ideablade.Util.v4. Does anybody know where I can find the same functionality?

Replies:

Posted By: GregD
Date Posted: 13-Nov-2008 at 4:03pm

This will do it:

CodingFns.EncodeBase64(CryptoFns.AesGetHashKey(password));

I didn't include the salt in the above, but you could easily add that.

CryptoFns.AesGetHashKey() returns the hash as a byte array; EncodeBase64 converts the byte array to a string.

In case it's useful, here's a little method I wrote recently to update (hashed) passwords in the NorthwindIB database:

private void _updatePasswordButton_Click(object sender, EventArgs e) {
string userName = (string)_userNameComboBox.SelectedItem;
string password = _newPasswordTextBox.Text.Trim();
User aUser = _mgr.Users.Where(u => u.UserName == userName).FirstOrNullEntity();
if (!aUser.EntityAspect.IsNullEntity) {
aUser.UserPassword = CodingFns.EncodeBase64(CryptoFns.AesGetHashKey(password));
}
else {
MessageBox.Show("Couldn't find that user!");
}
SaveAllChanges();
}

_mgr in the above is defined elsewhere as a DomainModelEntityManager and set to DomainModelEntityManager.DefaultManager. I populated the comboBox as follows:

private void ConfigureComboBox() {
foreach (string aUserName in _mgr.Users.OrderBy(u=>u.UserName).Select(u => u.UserName)) {
_userNameComboBox.Items.Add(aUserName);
}
}

Posted By: LesleySastro
Date Posted: 14-Nov-2008 at 8:09am

Thanks for your info.

Another question, will your method result in the same output. So if I compare the result of same CodingFns.EncodeBase64(CryptoFns.AesGetHashKey(password)) and CryptoFns.MD5HashUTF16ToString(password) will it be equal?

That is for me very important, because I have a legacy database with all the passwords stored in it, and I must be able to access/compare it with the new method.