On May 20, 11:12 am, Prasad <mahashabdepra...@gmail.comwrote:
Hi,
I am trying to encrypt password for a user record in a sql database. I
want to know what is difference between or which is better and
efficient for encryption GetHashCode() method from object class or
ComputeHash() method from MD5CryptoServiceProvider class.
GetHashCode is a simple hash, approriate for use in a Hashtable (or
generic Dictionary), but should not be considered cryptographically
secure.
ComputeHash of a HashAlgorithm is a secure hash (i.e. cannot be easily
reversed), approriate for storing passwords in a database.
SHA1 is preferred to MD5 (
http://en.wikipedia.org/wiki/
Md5#Vulnerability)
So for passwords you should use something like:
using System.Security.Cryptography;
using System.Text;
//...
public static byte[] GetPasswordHash(string password)
{
HashAlgorithm algorithm = SHA1.Create();
byte[] data = Encoding.Unicode.GetBytes(password);
return algorithm.ComputeHash(data);
}
Terry.