Q: How do I store sensitive data securely?
A: Here's a simple way you can make your apps appreciably more secure. Simply add the following VB .NET module to your project and call the HashData function to hash any sensitive data so it is secure from prying eyes:
    Imports System.Text
    Imports System.Security.Cryptography

    Module modEncrypt
        ' Returns the MD5 digest of s as upper-case hex bytes separated by
        ' hyphens (the BitConverter.ToString format), e.g. "D4-1D-8C-...".
        Public Function HashData(ByVal s As String) As String
            ' Convert the string to a byte array (UTF-16LE, the UnicodeEncoding default)
            Dim bytDataToHash As Byte() = (New UnicodeEncoding()).GetBytes(s)
            ' Compute the MD5 hash of those bytes
            Dim bytHashValue As Byte() = New MD5CryptoServiceProvider().ComputeHash(bytDataToHash)
            ' Format the 16-byte digest as a printable string
            Return BitConverter.ToString(bytHashValue)
        End Function
    End Module
Once your string parameter is hashed, it's computationally infeasible
to determine the plain-text version. It cannot be decrypted.
Of course, this works better for some kinds of data than others.
It works especially well for storing passwords in databases. When a new user signs
up, simply hash his or her password and store the hashed value in the database.
When the user logs in next time, hash the password and compare it to the hashed
value you stored in the database. If the hashes match, admit the user.
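The following Python script is an added example, not code from the column; it mirrors the VB .NET module above (UTF-16LE bytes, MD5, BitConverter-style "AA-BB-..." output) and runs the sign-up and login flow just described against a constructed in-memory dictionary standing in for the database. Because the module hashes the bare password, two users who pick the same password end up with identical stored values, so the second half shows the check a practitioner would add: a per-user random salt and an iterated hash (PBKDF2, which .NET exposes as Rfc2898DeriveBytes). The `PBKDF2_ITERATIONS` value and the `$`-separated record layout are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Port of the article's HashData: UTF-16LE (UnicodeEncoding) -> MD5 ->
# upper-case hex bytes joined with hyphens, as BitConverter.ToString emits.
def hash_data(s: str) -> str:
    digest = hashlib.md5(s.encode("utf-16-le")).digest()
    return "-".join(f"{b:02X}" for b in digest)


# --- The sign-up / login flow from the answer ---------------------------
# `db` is a constructed dict used in place of the database table.
def sign_up(db: dict, username: str, password: str) -> None:
    db[username] = hash_data(password)


def log_in(db: dict, username: str, password: str) -> bool:
    stored = db.get(username)
    if stored is None:
        return False
    # Constant-time comparison so timing does not reveal how much matched.
    return hmac.compare_digest(stored, hash_data(password))


# --- Salted, iterated alternative (assumed parameters) ------------------
PBKDF2_ITERATIONS = 200_000  # assumption for this example; tune to your hardware


def make_password_record(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    salt = os.urandom(16)  # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Record layout "algo$iterations$salt$hash" is an assumption of this example.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password_record(record: str, password: str) -> bool:
    try:
        algo, iters, salt_hex, dk_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


def same_password_same_hash(db: dict, user_a: str, user_b: str) -> bool:
    # True when the unsalted scheme stored identical values for two users,
    # which is what reveals that they share a password.
    return db[user_a] == db[user_b]


if __name__ == "__main__":
    db = {}
    sign_up(db, "alice", "hunter2")
    sign_up(db, "bob", "hunter2")
    print("alice login ok:", log_in(db, "alice", "hunter2"))
    print("wrong password rejected:", not log_in(db, "alice", "hunter3"))
    print("unsalted: alice and bob collide:", same_password_same_hash(db, "alice", "bob"))
    r1 = make_password_record("hunter2")
    r2 = make_password_record("hunter2")
    print("salted: records differ:", r1 != r2)
    print("salted verify:", verify_password_record(r1, "hunter2"))
```

Run it as a script to see the login flow succeed, then the collision that the unsalted module produces and the salted records that do not collide. The `hmac.compare_digest` calls replace a plain `==` so that the comparison takes the same time whether the first or the last byte differs.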
Note, however, that if your user forgets the password, even you will
not be able to decipher it. Most companies deal with this situation by auto-generating
a new password and sending it to the user's registered e-mail address, or by implementing
a system such as password hints or secret question/answer pairs.
If you absolutely need to be able to decrypt the data then hashing
won't work. In this case you'll need to use another encryption technique.
A couple such techniques (both highly respected for their security) are Triple DES and Rijndael.