I have a script that looks like a door lock that requires two-factor authentication for access:
- RFID Icon with GUID
- 4-digit PIN code entered through the keypad.
I need to safely store them in SQL Server 2008. I assume that it is normal to store GUIDs as usual, but what methods should be used to protect the PIN code in the database and in the system as a whole?
Is a typical hash salt method for a 4 digit PIN?
What would be the right approach to protecting this type of system?
EDIT
Additional information ... Ultimately, this system is likely to be more secure than the standard “door lock”. Users will authenticate using an RFID token and PIN. After gaining access to the system, the user will be able to view and purchase items through a credit card associated with their account (using a third-party gateway / storage for storage). What consequences will this have on the system?
EDIT 2
Also, the fact is that this was NOT a web application. Users will only get access to the system from dedicated workstations. Workstations will then use web services to communicate with the backend system / database. How can I include this in a mix?
, @Remus , / - RFID-? . ?