Update: Stronger password encryption

Sep 12, 2006

Yesterday, I wrote about how to encrypt a password using a one-way MD5 hash, but as some of the comments point out, the MD5 algorithm is not strong enough. I listened and wrote a new encryption method that uses SHA256 instead of MD5.

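using System;
using System.Security.Cryptography;
using System.Text;

// Returns the Base64-encoded SHA-256 hash of the input (one-way; it cannot be decrypted).
public string Encrypt(string plainMessage)
{
  byte[] data = Encoding.UTF8.GetBytes(plainMessage);
  using (HashAlgorithm sha = new SHA256Managed())
  {
    // ComputeHash processes the whole buffer in one call and returns the digest.
    byte[] hash = sha.ComputeHash(data);
    return Convert.ToBase64String(hash);
  }
}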

If I pass my own name to the Encrypt method this would be the result:

Encrypt("Mads Kristensen ") --> “1D3D1917866958C5C0BBA109E20DD5E9B8AAA061AD936472FDE5833F66757D666D616473”.

Comments (2) -

José Rui Abreu Mira
9/13/2006 10:49:36 AM #

What can I say? Excellent!

Gabriel Rodriguez
9/13/2006 1:46:03 PM #

Mads, keep up the great work, you keep giving us great stuff. Thank you.

About the author

Mads Kristensen
Program Manager at the Microsoft Web Platform team and founder of BlogEngine.NET.

Disclaimer

The opinions expressed herein are my own personal opinions and do not represent my employer’s view in any way.