DPAPI password encryption in C# and saving into database.Then Decrypting it using a key

Question

I have tried Password encryption using UTF8 Algorithm and SHA256, but was adviced not to use them. Instead , I was suggested to use DPAPI .I have browsed few sample codes fr

Answer 1

Arcording to MSDN, DPAPI is "using the user or machine credentials to encrypt or decrypt data". I think it use DES or AES algorithm.

But for password, you should always use 1-way hash functions (MD5, SHA1...) with salt before saving to DB. Even if the hacker can access to your server, he can never decrypt password of users.

So, just stick with your SHA256 solution. Remember to add some salt before hash it.