securty issue XOR

is this password check algorithm safe to use in low security environment like local network

 static string keys = "qwertyuiopüõasdfghjklöäzxcvbnmQWERTYUIOPÜÄÖLKJHGFDSAZXCVBNM";
    static Int64 key = 0;
    public static bool check(string input)
    {
        string tmp = "";
        string 开发者_运维技巧encAnswer = "ỬốỒởỐỚ";
        for (int i = 0; i < input.Length; i++)
        {
            tmp += keys.IndexOf(input[i]).ToString();
        }
        key = Int64.Parse(tmp);
        string res = "";
        char c;
        for (int i = 0; i < input.Length; i++)
        {
            c = input[i];
            c = (char)(c ^ key);
            res += c;
        }
        if (res == encAnswer)
            return true;
        return false;
    }

Obfuscation is not security.

The XOR mechanism you describe is a recipe for future pain and embarrassment. You should probably avoid it and use the built-in features of the .NET and Windows platforms to implement security.

The problem with approaches to security like the one you describe is that most attacks on systems happen from within an organization. The fact that you feel your application needs a password mechanism at all implies that security is a relevant consideration. If security is indeed relevent, why opt for the illusion of security - spend a little more effort and get the real thing.

Here are some reasons to go the full nine yards:

1. Techniques to break XOR "encryption" schemes like the one you describe abound on the internet, and it requires very little knowledge and access to break such a scheme.

2. If successful, your application may grow to have more users than you might first imagine - don't trust that all of these users will be friendly and play by the rules.

3. Once in production, changes to an existing system are hard to justify and harder to make than before the code is released. It's also easier to add missing functionality than to change existing functionality.

4. Trust is hard (or impossible) t regain. The price of a security breach is often disproportional to the price of implementing security. Once trust is lost in a system's security or ability to protect user identity/information, it doesn't matter how good the application features are, people will lose confidence in the system as a whole.

You should stick with hash algorithms, even in low security environments. Take a look on SHA256 Class

Note you will not be able to recover original password by using hash algorithms.

EDIT: As OP noted, just using a hash algorithm isn't enough. You must to add a salt to make it harder to break. Some examples can be found here: How To: Hash Data with Salt (C#/VB.NET)

It's roughly comparable to a strip of adhesive tape used as a "lock" on an apartment door. If you have "low security" requirements, why don't you skip the password check completely?

I just found out that there are quite extensive databases with hash codes so this renders Rubens Farias solution useless for me

http://askcheck.com/hash?hash=WOLAND

Even turning out lights maybe security improvident for home. especially when burglar has already broken in.