How to encrypt and verify password in asp.net using C#?

As I'm asp.net beginner to answer it,I used following code that might help you where you can encrypt the password and save to db and when retrieve that encrypted string from db then decrypt to match your verifying password.Following code are tested for your (pwd) cryptogrphy.

Design File

<form id="form1" runat="server">
<div>
    <asp:TextBox ID="TextBox1" Text="Arslan Ali" runat="server" placeHolder="Enter Password"></asp:TextBox><br />
    <asp:Button ID="Button1" runat="server" Text="Encrypt" OnClick="Button1_Click" /><br />
    <asp:Button ID="Button2" runat="server" Text="Decrypt" OnClick="Button2_Click" /><br />
    <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label><br />
</div>
</form>

In your Code File Required NameSpaces

using System.Text;
using System.Security.Cryptography;

Define Hash String

    string hash = @"foxle@rn";

Encrypt

protected void Button1_Click(object sender, EventArgs e)
{
    byte[] data = UTF8Encoding.UTF8.GetBytes(TextBox1.Text);
    using(MD5CryptoServiceProvider md5=new MD5CryptoServiceProvider())
    {
        byte[] keys = md5.ComputeHash(UTF8Encoding.UTF8.GetBytes(hash));
        using (TripleDESCryptoServiceProvider tripleDes = new TripleDESCryptoServiceProvider() {Key=keys,Mode=CipherMode.ECB,Padding=PaddingMode.PKCS7 })
        {
            ICryptoTransform transform=tripleDes.CreateEncryptor();
            byte[] results=transform.TransformFinalBlock(data,0,data.Length);
            Label1.Text = Convert.ToBase64String(results);
        }
    }
}

Decrypt

protected void Button2_Click(object sender, EventArgs e)
{
    byte[] data = Convert.FromBase64String(Label1.Text);
    using (MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider())
    {
        byte[] keys = md5.ComputeHash(UTF8Encoding.UTF8.GetBytes(hash));
        using (TripleDESCryptoServiceProvider tripleDes = new TripleDESCryptoServiceProvider() { Key = keys, Mode = CipherMode.ECB, Padding = PaddingMode.PKCS7 })
        {
            ICryptoTransform transform = tripleDes.CreateDecryptor();
            byte[] results = transform.TransformFinalBlock(data, 0, data.Length);
            Label1.Text = UTF8Encoding.UTF8.GetString(results);
        }
    }
}

I hope so,It may help you but I'm confirming ,I'm too beginner to crypto as well as asp.net web-forms.

if this method is still "up to date"?

Yes, in general.

I also never specify a salt but let it generate it (second parameter = null).

Yeah. Now hash like a hunderd thousand times and you are ok ;) No joke. I think minimum should be around - well, it should take a second to operate.

Now, here is the question you actually NEVER ASK EXCEP TIN YOUR TITLE. How do you verify?

NOT by decryption.

• Take password enterd by user.
• Take salt from your salted password (yes, store it)
• Take number of iterations from your salted password
• Salt input from user same number of times with same algorithm.
• Compare both hashes.

Finished.

Hash are NOT encryption. Envcryption means you can decrypt - Hashes are irreversible.