How to secure a password by MD5 encrypting


You can secure the password entered by the user using the MD5 encrypting technique. When the user enters a plain password, it is automatically converted into encrypted text. An MD5 password can't be reversed into plain text, so it's secure.

The user enters the plain password in a text box, and the following code converts it into MD5.

Paste this code into the .aspx page:


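<script type="text/javascript" src="scripts/md5.js"></script>
<script type="text/javascript">
    // Runs before the form is submitted: replaces the typed password with
    // MD5(MD5(password) + MD5(RndNo)) so the plain text is not posted.
    function loginmd5() {
        var txt = document.getElementById('<%= txt_pass.ClientID %>');
        var strhiden = calcMD5('<%=(string)Session["RndNo"]%>'); // MD5 of the server's random number
        var pwd1 = calcMD5(txt.value);                           // MD5 of the plain password
        var encipt1 = calcMD5(pwd1 + strhiden);                  // MD5 of both digests together
        txt.maxLength = encipt1.length;                          // make room for the digest
        txt.value = encipt1;
        return true;                                             // let the postback continue
    }
</script>

<asp:TextBox ID="txt_pass" runat="server" TextMode="Password" MaxLength="6" autocomplete="off" />
<%-- OnClientClick belongs on the submit button, not on the text box --%>
<asp:ImageButton ID="btn_submit" runat="server" OnClientClick="return loginmd5();" OnClick="btn_submit_Click1" />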


Here, Session["RndNo"] (generated on the server side) is first converted into MD5. Then the plain password is also converted into MD5. Finally, both MD5 values are converted into MD5 together using "calcMD5(pwd1 + strhiden)", and the final MD5 value is set in the text box.

Now, in the .aspx.cs page:




using System.Security.Cryptography;
using System.Text;

protected void Page_Load(object sender, EventArgs e)
{
    if (!IsPostBack)
    {
        // Random number used for the MD5 computation.
        // RandamNumber is the author's helper class (not shown here).
        RandamNumber rdnum = new RandamNumber();
        Session["RndNo"] = rdnum.GetRandomString();
    }
}

protected void btn_submit_Click1(object sender, ImageClickEventArgs e)
{
    // Get the original password from the database using the user id
    // (dt1 is the DataTable returned by that lookup, not shown here).
    string pwd1 = dt1.Rows[0]["Password"].ToString();

    // Use the same process as on the .aspx page.
    string pwd2 = getMd5Hash(pwd1);                      // convert plain password into MD5
    string pwd3 = getMd5Hash((string)Session["RndNo"]);  // convert RndNo into MD5
    pwd2 = getMd5Hash(pwd2 + pwd3);                      // now convert both values into MD5 again

    if (txt_pass.Text.Trim() == pwd2)                    // check that both MD5 values are the same
    {
        // Code after password authenticate
    }
    else
    {
        // Password authentication failed
    }
}

public string getMd5Hash(string input)
{
    // Empty input returns a sentinel that can never equal a 32-character hex digest.
    if (string.IsNullOrEmpty(input))
    {
        return "false";
    }

    using (MD5 md5Hasher = MD5.Create())
    {
        // The byte encoding must match the one md5.js uses on the client.
        byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));

        // Format each byte as two lowercase hex digits.
        StringBuilder sBuilder = new StringBuilder();
        for (int i = 0; i < data.Length; i++)
        {
            sBuilder.Append(data[i].ToString("x2"));
        }
        return sBuilder.ToString();
    }
}

Here a random number is generated and stored in a session variable for use in the MD5 computation.
On button click, the server receives the MD5 password that was encrypted by the JavaScript.
It then gets the original password from the database, converts it into MD5 and matches it with the MD5 password from the text box. If they match, the password is authenticated; otherwise authentication fails.

Benefit: If a hacker wants to hack the password, he will receive the MD5-converted password, which cannot be reversed into the original password.

I hope it will be helpful to you.
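
The exchange described above, written out for both sides in Node.js as an added example (it is not the article's code and does not use md5.js). The user store, session map and function names are constructed for illustration, and it goes one step beyond the article by discarding the random number after a single verification attempt and comparing the digests in constant time.

```javascript
// Added example, not the article's code: both sides of the login exchange.
const crypto = require("node:crypto");

const md5 = (s) => crypto.createHash("md5").update(s, "utf8").digest("hex");

// Constructed sample data; the article reads the password from the database.
const users = new Map([["varun", "S3cret!"]]);
// sessionId -> pending random number; stands in for Session["RndNo"].
const sessions = new Map();

// Server, page load: issue a fresh random number for this session.
function issueChallenge(sessionId) {
  const rndNo = crypto.randomBytes(16).toString("hex");
  sessions.set(sessionId, rndNo);
  return rndNo;
}

// Client, loginmd5(): MD5(MD5(password) + MD5(RndNo)), as in the article.
function clientResponse(password, rndNo) {
  return md5(md5(password) + md5(rndNo));
}

// Server, button click: recompute the value and compare.
function verifyLogin(sessionId, userId, response) {
  const rndNo = sessions.get(sessionId);
  sessions.delete(sessionId); // single use: a resent value no longer verifies
  const stored = users.get(userId);
  if (rndNo === undefined || stored === undefined) return false;
  const expected = Buffer.from(clientResponse(stored, rndNo), "utf8");
  const received = Buffer.from(String(response), "utf8");
  // timingSafeEqual throws on a length mismatch, so check the length first.
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

// Walk through one login, a resend of the same value, and a wrong password.
function demo() {
  const rndNo = issueChallenge("sess-1");
  const sent = clientResponse("S3cret!", rndNo);
  const first = verifyLogin("sess-1", "varun", sent);  // legitimate login
  const replay = verifyLogin("sess-1", "varun", sent); // same value sent again
  const wrong = verifyLogin("sess-1", "varun",
    clientResponse("guess", issueChallenge("sess-1")));
  return { first, replay, wrong };
}

console.log(demo());
```

In the article's code-behind the random number is created only when `!IsPostBack`, so the single-use step here corresponds to assigning a new `Session["RndNo"]` after every login attempt.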


Attachments

  • Script for MD5 encrypting (44880-11656-Script-MD5-encrypting.js)
Comments

    Author: baskar   26 May 2013   Member Level: Gold   Points: 2

    Hello Varun,

    Really a good article on securing password by MD5 encrypting technique. In our forums many people have asked questions about encrypting the password; this one should help other members too.

    Thanks Varun

    Author: baskar   26 May 2013   Member Level: Gold   Points: 7

    Hello Friends,

    Just to add a few points to the article. Microsoft provides the below encryption and decryption algorithms.

    Here are a few techniques:

    1. DES - Data Encryption Standard (DES) algorithm
    2. TripleDES - Triple Data Encryption Standard
    3. AES - Advanced Encryption Standard


    All these are derived from the below namespace and the assembly.

    Namespace: System.Security.Cryptography
    Assembly: mscorlib (in mscorlib.dll)


    To work with DES algorithm you need to use the below namespaces

    System.Object
    System.Security.Cryptography.SymmetricAlgorithm
    System.Security.Cryptography.DES
    System.Security.Cryptography.DESCryptoServiceProvider

    To work with TripleDES the namespaces are

    System.Object
    System.Security.Cryptography.SymmetricAlgorithm
    System.Security.Cryptography.TripleDES
    System.Security.Cryptography.TripleDESCryptoServiceProvider


    For AES these namespaces are required to work
    System.Object
    System.Security.Cryptography.SymmetricAlgorithm
    System.Security.Cryptography.Aes
    System.Security.Cryptography.AesCryptoServiceProvider
    System.Security.Cryptography.AesManaged


    All I have given is just an overview; you can explore from here.


