I have an XML file which will be used for storing login information (user ID and password).
I want to encrypt the password value present in the XML.
Also, I want to make this XML file editable only by admin.

Please help me !!!
Comments
Sergey Alexandrovich Kryukov 6-Sep-12 2:01am
Why encrypt it? This is not how passwords are usually securely stored...
--SA

1 solution

The whole idea to store a password is wrong. Passwords (I mean, in their original form, how they are created by the password users) are never stored anywhere. If you think about it, you will understand that authentication never needs it. Sounds weird? Then keep reading.

One of the most typical ways of dealing with passwords securely is using a cryptographic hash function, some function with one of its important properties: its inversion is infeasible. For further detail, please see:
http://en.wikipedia.org/wiki/Cryptographic_hash_function

When a user creates a password, its hash function is stored. So, no one can restore the original password, no matter what the privileges are. During authentication, a hash (obtained by calling the same function using user input) is compared with the stored hash. Simple, isn't it?

I would recommend using one of the functions from the SHA-2 family:
http://en.wikipedia.org/wiki/SHA-2

It's important not to use MD5 or SHA-1 for any security purposes: these functions have been found broken, so using them is unsafe. Please see:
http://en.wikipedia.org/wiki/MD5,
http://en.wikipedia.org/wiki/Sha1

With .NET, you have the cryptographic hash functions already implemented for you:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm.aspx

As to the second part of the question: yes, the file with authentication data should be limited in access. Windows provides user-based access control (via ACL), so what's the problem? Please start here:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa374872%28v=vs.85%29.aspx

Further detail on access control depends on your settings: who is defined as admin, how she/he gets admin privileges, what's your application type, etc. I don't have this information to give you more concrete advice, but you can read about access control and apply it to your security schema. If you face some problems, ask a more specific question and supply the relevant information needed to resolve the problem.

Good luck,
—SA
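
The store-the-hash, compare-the-hash scheme from the answer above, as an added example that is not part of the original answer or the asker's code. It goes beyond the answer by adding a per-user random salt and an iteration count through PBKDF2 with SHA-256 (a SHA-2 function); the XML element and attribute names, the file name `users.xml`, the iteration count and the sample password are assumptions, and the code targets .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Xml.Linq;

// Added example. XML names ("users", "user", "id", "salt", "iterations",
// "hash") and the cost parameters below are assumptions, not from the page.
static class PasswordStore
{
    const int SaltBytes = 16, HashBytes = 32, Iterations = 600_000;

    // Build the XML record for a new user: only salt, cost and hash are kept.
    public static XElement CreateUser(string id, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return new XElement("user",
            new XAttribute("id", id),
            new XAttribute("salt", Convert.ToBase64String(salt)),
            new XAttribute("iterations", Iterations),
            new XAttribute("hash", Convert.ToBase64String(hash)));
    }

    // Recompute the hash from the login input and compare in constant time.
    public static bool Verify(XElement users, string id, string password)
    {
        XElement? user = null;
        foreach (XElement u in users.Elements("user"))
            if ((string?)u.Attribute("id") == id) { user = u; break; }
        if (user == null) return false;                    // unknown user ID

        byte[] salt = Convert.FromBase64String((string)user.Attribute("salt")!);
        byte[] expected = Convert.FromBase64String((string)user.Attribute("hash")!);
        int iterations = (int)user.Attribute("iterations")!;
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, iterations, HashAlgorithmName.SHA256, expected.Length);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    static void Main()
    {
        // Constructed sample user and password.
        var users = new XElement("users", CreateUser("alice", "constructed-sample-password"));
        users.Save("users.xml");                           // file holds no password
        XElement loaded = XElement.Load("users.xml");
        Console.WriteLine(Verify(loaded, "alice", "constructed-sample-password"));
        Console.WriteLine(Verify(loaded, "alice", "wrong-guess"));
    }
}
```

Storing the iteration count next to each hash lets the cost be raised later for new records without invalidating existing ones.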
 
Share this answer
 
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900