C# – Password Encoder – MD5 Cryptography Service Provider


When trying to develop, say, a simple login form, do you “in all honesty” pass the password string (********) to the back-end server and try comparing it to the one saved in the database? If so, your security is not so strong (even if you're using APIs that strip SQL in case of injection).

  • Password passed as String – can be hacked – most certainly when your site does not use HTTPS (S – for secure – HTTPS basically opens up another secure port for your request – thus allowing transactions with high security).
  • Password on Database as String? – What if your database was hacked? What if a hacker finds out about your Database Connection – by developing a randomizer algorithm that endlessly tries to access your database?

There are complicated design concepts that solve this simple security issue, and one of the basic ways of doing so is the use of: Encryption.

When I tried developing my first C# application (expense manager), the first module I developed was the Login Screen – this is where all the pre-loaded objects are initialized, as well as the user session.

I use an MD5 Cryptography Service Provider for the passwords that go in and out of the database. Check out the code below:

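using System;
using System.Security.Cryptography;
using System.Text;

public static string EncodePassword(string originalPassword)
{
    // Use a fixed encoding so the digest does not depend on the machine's code page.
    byte[] originalBytes = Encoding.UTF8.GetBytes(originalPassword);

    // Create MD5 Cryptography Service Provider and dispose it when done.
    using (MD5 md5 = new MD5CryptoServiceProvider())
    {
        byte[] encodedBytes = md5.ComputeHash(originalBytes);

        // BitConverter renders the 16-byte digest as hyphen-separated hex pairs.
        return BitConverter.ToString(encodedBytes);
    }
}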

You have to import System.Security.Cryptography before you can use it, though.

The code above allows me to encrypt the password using the MD5 Hash algorithm and vice versa (convert it to its original string form).

Get this: you can use this Service and create your own Cryptography algorithm so that you can malform the encrypted strings on your own. 🙂 This will allow you to really put some strong defense on your system as well as in your design.

Would you put your data at risk?