Hello all,

I'm a VB.NET developper newbie. I made a Hardware Administation Tool with a Webinterface for my company, It works almost perfect, but I've found a relevant Security bug on it:

I don't have encrypted the Login data. Now I'm working on a update, so I searched on the Internet a easy method to programm an encryption/decryption Function/Class on VB.NET, but I still found a bad encryption system for applications who isn't very good for my Login.
I've remebered that Messenger Plus! owns a very good encryption system (2Gbit encryption) and so I ask you: Can somebody help me to program a good encryption for my Login-Form?

Thank you for your answers.
(sry about my bad english, I'm swiss . I hope all people can understand my text )

Hi,

If you are talking about logon using ASP.NET forms authentication, the framework already gives you everything you need.

1) If you are storing passwords in a database or config file, you want to hash them.   HashPasswordForStoringInConfigFile() method exists for that if you are implementing forms authentication the old way.  If you are using ASP.NET 2.0 membership providers, the passwords are stored as SHA-1 hashes by default, but you can choose another algorithm.

2) Encrypt and sign your authentication tickets.  This is accomplished by forms protection="All" in your configuration.  That and other related topics are covered  here.

3) The transport should use encryption, so that your credentials can't be sniffed by somebody along the way -- if you haven't already, set the web server up to support HTTPS. 

thnq very much, it was very helpfull!