John W Colby
jwcolby at gmail.com
Fri Feb 7 08:52:40 CST 2014
Paul, Use a one way hash to hash the password, then save that hash in the table. When the user enters their password, hash it and compare to the stored hash. If they match then the user entered the correct password. No encryption, no keys, no stored password to be stolen. John W. Colby Reality is what refuses to go away when you do not believe in it On 2/6/2014 10:09 PM, Paul Hartland wrote: > To all, > > I'm starting to write a vb.net app which will link to a sql server > database, I want the passwords in the user table on the SQL server database > to be encrypted one way, then if they forget the password can request a new > one. Firstly I used to use MD5 when I worked at my last company, but have > heard this can be cracked, anyone have any other recommendations, I don't > mind if the password encryption happens on the vb.net app or the sql server > database. > > Thanks in advance for any help. >