So talked about this in a previous post, and thought it looked like a cool idea. It still seems to be in theory anyway but their sign-up process is non-secured and they ask for your SSN. What kind of modern company would have a web-service that requires sensitive information and not have it encrypted? I will give them the benefit of the doubt and say that because it is brand new perhaps it is just something that was over-looked. Even though that is a big thing to over-look. I sent them an e-mail about it and have yet to hear back from them.
This function will take a string and return the hashed value using System.Security.Cryptography; public static string GetSha1(string value) { var data = Encoding.ASCII.GetBytes(value); var hashData = new SHA1Managed().ComputeHash(data); var hash = string.Empty; foreach (var b in hashData) hash += b.ToString("X2"); return hash; } Thanks to Lars-Erik
Comments
We have secured the page where the SSN is asked for.