Encrypting Data - Level Extreme

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

Encrypting Data

Message

08/10/2009 03:11:43

Viv Phillips
Hay-On-Wye, Royaume Uni

07/10/2009 16:21:40

Kevin Marois
Marois Consulting
Winchester, Californie, États-Unis

Information générale

Forum:

Microsoft SQL Server

Catégorie:

Conception bases de données

Titre:

Re: Encrypting Data

Divers

Thread ID:

01428109

Message ID:

01428205

Vues:

>I'm putting together some table to manage users, roles, and rights.
>
>Anyone see any problems with encrypting all the data in all three tables?

I'm working on a similar thing at the moment. Your needs are probably different but I decided:
(a) To handle the encryption in a tier that will make it back-end agnostic.
(b) To only secure the password - and then by hash value rather than encryption.

FWIW, here's the class I use for hashing/comparing.

    static public class HashFunctions
    {
        public static Byte[] GetHashValue(string s)
        {
            byte[] source = ASCIIEncoding.ASCII.GetBytes(s);
            return  new MD5CryptoServiceProvider().ComputeHash(source);
        }

        public static bool CompareHash(byte[] first, byte[] second)
        {
            bool equal = false;
            if (first.Length == second.Length)
            {
                int i=0;
                while (i < first.Length && (first[i] == second[i]))
                    i++;
                equal = i == first.Length;
            }
            return equal;
        }

        public static bool CompareHash(byte[] b,string s)
        {
            return CompareHash(b, GetHashValue(s));
        }
    }

The password is stored as a byte array (varbinary() in MSSQL)

Répondre

Fil

Voir

Click here to load this message in the networking platform