How to create user with encryption password?

Viewed 7,317 times

1

How do I save passwords encrypted in MD5 format when creating users in my ASP.NET MVC 5 and EF 6 application?

  • Do you want a function that creates the MD5?

  • Users via Membership, or a schema of your own (tables created in the database)?

2 answers

3

The easiest way is to add a library via NuGet (Manage NuGet Packages...). There are countless libraries for this. It’s better this way, because the algorithm will have been much more thoroughly tested, and because it is easy to switch later to better encryption (like Blowfish).

My suggestion is to use CryptSharp. If you want, you can put the encryption-related methods in a separate class:

using System;
using CryptSharp;

public static class Criptografia
{
    // Hashes the password with CryptSharp's MD5-crypt, which embeds a random salt in the result
    public static string Codifica(string senha) {
        return Crypter.MD5.Crypt(senha);
    }

    // Re-hashes the candidate password with the salt taken from the stored hash and compares
    public static bool Compara(string senha, string hash) {
        return Crypter.CheckPassword(senha, hash);
    }
}

and then use:

public ActionResult CriaUsuario(CriaUsuarioViewModel vm) {
    // ...
    var senhaCriptografada = Criptografia.Codifica(vm.Senha);
    // ...
}

public ActionResult Login(LoginViewModel vm) {
    // ...

    var usuario = dc.Usuarios.FirstOrDefault(x => x.Login == vm.Login);

    // Guard against an unknown login before reading usuario.Senha
    if (usuario != null && Criptografia.Compara(vm.Senha, usuario.Senha)){
        // OK
    }
    else {
        // Wrong password
    }
    // ...
}
  • André, I tried to use CryptSharp to generate a 32-character hexadecimal MD5 password hash, but it generated one of 34 characters (and not hexadecimal: with dots, slashes, digits etc.). Do you know if there are any parameters so I can generate the password hash the way I want?

  • Just one comment, since some users (like me) may think about using Blowfish after reading this answer: it is no longer recommended, as it uses only a 64-bit key. A quick Google search turns up good alternative algorithms to use.

1


The method below encodes the user’s password in standard Base64, but MD5 can be used without problems, just by replacing the Base64 method with an equivalent MD5 one:

using System;
using System.Configuration.Provider;
using System.Security.Cryptography;
using System.Text;
using System.Web.Security;

    // Member of a custom MembershipProvider: PasswordFormat, EncryptPassword,
    // HexToByte and machineKey are supplied by that provider class.
    /// <summary>
    /// Encode password.
    /// </summary>
    /// <param name="password">Password.</param>
    /// <returns>Encoded password.</returns>
    private string EncodePassword(string password)
    {
        string encodedPassword = password;

        switch (PasswordFormat)
        {
            case MembershipPasswordFormat.Clear:
                break;
            case MembershipPasswordFormat.Encrypted:
                // Reversible: the provider can decrypt this value again
                byte[] encryptedPass = EncryptPassword(Encoding.Unicode.GetBytes(password));
                encodedPassword = Convert.ToBase64String(encryptedPass);
                break;
            case MembershipPasswordFormat.Hashed:
                // One-way: HMAC-SHA1 keyed with the machineKey validation key
                HMACSHA1 hash = new HMACSHA1();
                hash.Key = HexToByte(machineKey.ValidationKey);
                encodedPassword =
                  Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password)));
                break;
            default:
                throw new ProviderException("Unsupported password format.");
        }

        return encodedPassword;
    }

A method that can be implemented natively is available at this link:

using System.Security.Cryptography;
using System.Text;

public string CalculateMD5Hash(string input)
{
    // Compute the hash (MD5 is IDisposable, so release it when done)
    using (MD5 md5 = MD5.Create())
    {
        // Note: ASCII encoding discards any non-ASCII characters in the input
        byte[] inputBytes = Encoding.ASCII.GetBytes(input);
        byte[] hash = md5.ComputeHash(inputBytes);

        // Convert the byte array to an uppercase hexadecimal string
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < hash.Length; i++)
        {
            sb.Append(hash[i].ToString("X2"));
        }
        return sb.ToString();
    }
}

Use:

seuModel.Senha = EncodePassword(senha);

The problem is that MD5 is not reversible, unlike Base64.

  • 3

    The fact that MD5 is not reversible is not a problem; it is exactly what a system like this needs. Except in very specific cases, a system should not store any user’s encrypted password in such a way that it (the password) can be recreated (via "decryption"): if the password hash information leaks, the passwords cannot (easily) be recreated.

  • 1

    I pointed this out because, using a provider like Membership, there is this possibility of password reversal. But I don’t know if it matters for the answer.
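As an added example (not code from either answer, nor from CryptSharp or the Membership provider), here is the same Codifica/Compara pair built on the framework's own PBKDF2 implementation (Rfc2898DeriveBytes), so that each stored value carries a random salt and an iteration count, which the unsalted MD5 hex digest above lacks; the class and method names, the storage layout and the iteration count are my own choices, not anything the answers prescribe.

```csharp
// Added example: salted, iterated one-way password hashing with PBKDF2.
// Names, the "iterations.salt.hash" layout and the iteration count are assumptions.
using System;
using System.Security.Cryptography;

public static class SenhaSegura
{
    private const int SaltSize = 16;        // bytes of random salt per password
    private const int HashSize = 32;        // bytes of derived key to store
    private const int Iterations = 100000;  // assumption: tune to your server's budget

    // Returns "iterations.base64(salt).base64(hash)" so the parameters travel with the hash
    public static string Codifica(string senha)
    {
        byte[] salt = new byte[SaltSize];
        using (var rng = new RNGCryptoServiceProvider())
            rng.GetBytes(salt);

        byte[] hash;
        using (var pbkdf2 = new Rfc2898DeriveBytes(senha, salt, Iterations))
            hash = pbkdf2.GetBytes(HashSize);

        return Iterations + "." + Convert.ToBase64String(salt) + "." + Convert.ToBase64String(hash);
    }

    // Re-derives the key with the stored salt and iteration count and compares in constant time
    public static bool Compara(string senha, string armazenado)
    {
        string[] parts = armazenado.Split('.');
        int iterations;
        if (parts.Length != 3 || !int.TryParse(parts[0], out iterations) || iterations < 1)
            return false;  // malformed record: reject rather than throw

        byte[] salt = Convert.FromBase64String(parts[1]);
        byte[] expected = Convert.FromBase64String(parts[2]);

        byte[] actual;
        using (var pbkdf2 = new Rfc2898DeriveBytes(senha, salt, iterations))
            actual = pbkdf2.GetBytes(expected.Length);

        // Do not short-circuit on the first differing byte (avoids a timing side channel)
        int diff = actual.Length ^ expected.Length;
        for (int i = 0; i < actual.Length && i < expected.Length; i++)
            diff |= actual[i] ^ expected[i];
        return diff == 0;
    }
}
```

Because the iteration count is stored alongside the hash, it can be raised later for new passwords while existing records still verify.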
