Vishal... RC4 and DES are examples of two way algorithms. The .NET
cryptograhpy API has two way algorithms, but it is _not_ recommended
that you store the encrypted passwords on the server. If someone
compromises the server they can decrypt them. If you only store
hashcodes on the server, it will be difficult to recreate the password
table. In fact, don't just hash the passwords, but combine the password
with a random "salt" --> hash the result and store the hash and random
salt on the server. To verify the user's credentials, take the users
input, add it to the stored random salt --> hash the result and compare
it to the stored hash.
Regards,
Jeff
Can anybody tell me which encryption is used
for two-way? So that I can encrypt/decrypt the passwords?<
*** Sent via Developersdex
http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!