What should you do?

You use Microsoft Visual Studio 2010 and Microsoft .NET Framework 4.0 to create an application.
The application connects to a Microsoft SQL Server database. The application stores user names and passwords in the database.
You need to ensure that users cannot read passwords extracted from the database. What should you do?

A. Encrypt stored passwords by using the RC2CryptoServiceProvider class.

B. Encrypt stored passwords by using the TripleDESCryptoServiceProvider class.

C. Append a random salt to the password by using the RNGCryptoServiceProvider class. Encrypt stored passwords by using the RijndaelManaged class.

D. Append a random salt to the password by using the RNGCryptoServiceProvider class. Hash stored passwords by using the SHA1CryptoServiceProvider class.

Explanation:
The SHA1CryptoServiceProvider class computes the SHA1 hash value for the input data using the implementation provided by the cryptographic service provider (CSP). This class cannot be inherited.

SHA1CryptoServiceProvider Class
(http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha1cryptoserviceprovider.aspx)

CHAPTER 8 Developing Reliable Applications
Lesson 3: Protecting Your Data
Hashing and Salting (page 550-551)


