Login password encryption [duplicate]

Question

Login password encryption [duplicate]

Navigation

#1 by (0 votes)

0

I need to create a way to encrypt my login password on my system, as I have not yet implemented this security and I have no idea how to do this.

So how could I create this encryption and compare it to the login time and see if it's right? That is, create that hash to confuse the attacker (if I have a person using While Shark to try to intercept my password)?

What is the best way (base 64, MD5, RSA, among other ways)?

Here is the code for my controller that I use to login and compare the login and password in the database:

AuthenticationController

 [HttpPost]
    public ActionResult Index(String Login, String Senha)
    {
        //verificando login pelo usuario do banco de dados ...
        Usuario login = db.Usuarios.Where(x => x.Login == Login && x.Senha == Senha).FirstOrDefault();
        if (login != null)
        {
            FormsAuthentication.SetAuthCookie(login.Nome.ToString(), false);
            Session.Add(".PermissionCookie", login.Perfil);
            Session.Add("UsuarioID", login.UsuarioID);
            return RedirectToAction("Index", "Home"); //pagina padrao para todos os usuarios...
        }
        return RedirectToAction("Index");

    }

asp.net-mvc-5 criptografia

asked by anonymous 11.02.2015 / 01:40

1 answer

action menu with radio button Intersection and Subtraction Clusters

score 0 · Accepted Answer

Each of these algorithms has a different purpose, so to protect the password is interesting if you use them at different times.

For example, to protect the password from a man-in-the-middle attack, it is important to use SSL, which basically uses RSA.

Now to store the password in the Database, it is interesting to use AES or SHA.

If you choose to use AES, you have the combination of the Rijndael algorithm with blocks and 256-bit keys.

Another option is to use a Hash algorithm, in this case give preference to SHA-2, SHA-3 or BLAKE2, in this case I would advise using BLAKE2.

In both cases it is interesting to use a Salt, I would advise a Random and Unique Guid for each password.