I developed an MVC.NET Core 2 web application for my customer. I used .NET Framework Core and MS SQL Server 2017 Express. I have a table in the database:

```sql
-- Application users; [Pass] currently holds the MD5 value of the password
CREATE TABLE [dbo].[AppUser](
    [Id] [bigint] IDENTITY(1,1) NOT NULL,
    [LoginName] [nvarchar](250) NOT NULL,
    [Pass] [nvarchar](max) NOT NULL,
    [CreatedDate] [datetime2](7) NOT NULL,
PRIMARY KEY CLUSTERED 
(
    [Id] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO

-- Default the creation timestamp to the insert time
ALTER TABLE [dbo].[AppUser] ADD  DEFAULT (getdate()) FOR [CreatedDate]
GO
```

The "pass" column stores a password encrypted by the MD5 algorithm. The application works fine, but the customer wants to change the MD5 algorithm for a safer algorithm.

Because the European Union personal data protection regulation (GDPR) is very strict, I need to encrypt other data in the database.

Application architecture is as follows: The Web application calls a WCF server that communicates with several REST APIs to retrieve data from my database and from third party applications (DMS, CRM, and ERP systems).

My question is: what do you use for data protection/encryption? I read some articles, but I have no idea how to decide.

What do you use and why? Can you give me any advice?

Davecz
  • If the regulations don't allow MD5 then find out what they **do** recommend and use that – musefan Jun 01 '18 at 10:42
  • MD5 has been cracked for years, I'd imagine they want something more secure like SHA-2 – Liam Jun 01 '18 at 10:43
  • I would like to have only one encryption mechanism, for passwords and personal data. I am thinking about SHA-2, SHA-3? I really don't know, because I have no experience with data encryption. – Davecz Jun 01 '18 at 10:49
  • SHA and MD5 are _not_ encryptions. The link with calling the webservices is also unclear. – bommelding Jun 01 '18 at 10:52

0 Answers