How to save string (username password) in encrypted form in database, and decrypt when, login by user

Question

Good morning all,
I am using c++ and also using wxWidget, In backend im using MySql, i want to save user name and password in encrypted form inside the database,
when user will try to login,I will decrypt the data for authentication,
Is there any headerfiles in c++ who can handle encryption or decryption?

Answer 1

Don't encrypt the password, you don't want people's passwords to be recoverable. If they forget them then reset the password to something else. Don't ever store passwords or encrypted passwords which can be used to get the original password.

What you should do is:

• Generate random salt .
• Append or prepend the salt value to the user's password.
• Hash the combination of password and salt (using something strong, like SHA256).
• Store the user name, the hashed value and the salt in the database.

When the user attempts to sign in:

• Load the salt value associated with the username.
• Append or prepend (ie. do the same as when they registered) the salt to the supplied password.
• Hash the combination, compare that to the stored hash. If they're different, sign-in fails.

Answer 2

Firstly, on the crypto side, you won't want to encrypt usernames or you'll have no way to look them up. Passwords, though, you are right, should be stored encrypted, because if your database is compromised, you don't want people having access to everybody's passwords.

Usually, though, you don't encrypt passwords and decrypt them for authentication. You hash them. You get a hash function (such as SHA-256 ) and run the password through that function. For example, if my password was "binoculars", I run it through SHA-256 and get:

a0e23a0813c2b152222f28830be966f4eb0fd8ccbb4b487b7688c2749e754a72

(that's a binary string, expressed in hexadecimal) so you store the above string in the database. Note that if someone got their hands on that string, there is absolutely no way to figure out that my original password was "binoculars".

Now when I come to authenticate, I supply the password "binoculars" and you run it through the hash algorithm and get the exact same string as above -- so it is the correct password. If I gave any other password, it would hash to a different string, and I can't log in.

Now on to libraries. There are lots of different libraries which will give you hash functions such as SHA-256. One you may try is Crypto++ . I do recommend SHA-256. MD5 and SHA-1 are older hash functions that may have cryptographic weaknesses; SHA-256 has no known cryptographic weaknesses.

Answer 3

You don't decrypt the data from MySQL but encrypt the data that was supplied to the user. Then you compare it to the one in MySQL.

Hashing algorithms are not meant to be decryptable.

EDIT: focusing my comment on hashing.

Answer 4

A little beside the point, but saving encrypted passwords is not the best option out there, as it means you can still calculate the original password from the information stored in the database. The common practice is to save a salted hash of the password, and when users log in, compare the stored salted hash to the one calculated from the password they were trying to login with.

Answer 5

What is the need of decrypting?

Encrypt the username and password store it in table

Then encrypt the inputted username and password compare both