How to secure password by MD5 encrypting
You can secure your password which is entered by user using md5 encrypting technique. when user entered plain password, it is automatic converted into encrypted text. MD5 password can't be reversal into plain text. so it's secure.
User entered plain password on text box and it's convert into md5 using following code.
Paste code on .aspx
<script language="javascript" type="text/javascript" src="scripts/md5.js"></script>
<script language="javascript" type="text/javascript">
function loginmd5() {
var strhiden = calcMD5('<%=(string)Session["RndNo"]%>');
var pwd1 = calcMD5(document.getElementById("txt_pass").value);
var encipt1 = calcMD5(pwd1 + strhiden);document.getElementById("txt_pass").maxLength = encipt1.length;
document.getElementById("txt_pass").value = encipt1;
}
</script>
<input type="password" id="txt_pass" OnClientClick="Javascript:return loginmd5();" runat="server" maxlength="6" autocomplete="off" />
//you can use asp control textbox also
Here, first of all converting "session["RndNo"]" (It's generate on server side) into md5. than plain password is also converting into md5. finally converting both md5 value into md5 using "calcMD5(pwd1 + strhiden)".
than final md5 value set to text box.
Now on .aspx.cs page
using System.Security.Cryptography;
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
//random number use for MD5 encrypting
RandamNumber rdnum = new RandamNumber();
Session["RndNo"] = rdnum.GetRandomString();
}
}
protected void btn_submit_Click1(object sender, ImageClickEventArgs e)
{
//Get original password from database using user id.
string pwd1 = dt1.Rows[0]["Password"].ToString();
//use same process as on .aspx page.
pwd2 = getMd5Hash(pwd1);//convert plain password into md5
pwd3 = getMd5Hash(Session["RndNo"]);//convert Rndno into md5
pwd2 = getMd5Hash(pwd2 + pwd3);//now convert both value into md5 again
if (txt_pass.Text.Trim()!= pwd2)//match both md5 value is same
{
//Code after password authenticate
}
else
{
//password authenticate fail
}
}
public string getMd5Hash(string input)
{
string rurl = "", LoginKey = "";
if (input == "")
{
return "false";
}
MD5 md5Hasher = MD5.Create();
byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));
StringBuilder sBuilder = new StringBuilder();
for (int i = 0; i < data.Length; i++)
{
sBuilder.Append(data[i].ToString("x2"));
}
return sBuilder.ToString();
}
Here we have generate random number in session variable using of MD5.
On button click, we receive MD5 password which encrypted by javascript.
Now get original password from database and convert into md5 and match with text box md5 password. if it's match then password authenticate otherwise fail.
Benefit: If hacker want to hack password, he will receive MD5 converted password, which is not reversal into original password..
I hope it will be helpful to you.
Hello Varun,
Really a good article on securing password by MD5 encrypting technique. In our Forums many people have asked question about
encrypting the password this one should help other member too.
Thanks Varun