How can I encrypt the password stored in a database table ?

[Alex Nitulescu]

Hi. I am writing an app which stores usernames/passwords and email addresses
in a database table.

The question is how can I encrypt the password provided by the user ?

FormsAuthentication.Encrypt produces an encrypted string, but it is for use
in a ticket.

On the other hand, FormsAuthentication.HashPasswordForStoringInConfigFile
produces an encrypted string for use in a config.xml file.
Anyway, even if I wanted to use this one, how do I reverse it (decrypt it)
in order to be able to send it to the user in case he requests it (Forgotten
password) ?

The second question would be how do I get my application's name ?

Thanks a lot, Alex.

 

[Steve C. Orr [MVP, MCSD]]

I think you should hash the password. It's true you can't decrypt it, but
neither can anybody else, therefore you will never be liable for letting
people's passwords get stolen.
Here are the details:
http://SteveOrr.net/faq/encrypt.aspx

 

[Alex Nitulescu]

Yes, Steve, but in this case how could I provide that "fogotten password"
feature - I plan to be able to send an email to the user, containing the
username & password, as most sites do !

Should I roll up my own encryption/decryption system, then ?

 

[Alex Nitulescu]

Okay, sorry, Steve, I rushed to answer you BEFORE noticing and therefore
reading your link. I'll follow the links on the page provided.

Thanks a lot for your time,
Alex.