Totally wrong approach! I agree with Griff. Your problem is fairly simple.
Store text password in your database. Do it in hashed form using some
cryptographic hash function, see
http://en.wikipedia.org/wiki/Cryptographic_hash_function[
^]. Use one of the functions from the SHA family, see
http://en.wikipedia.org/wiki/SHA-2[
^]. Use one of .NET SHA* hash functions, see
http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm.aspx[
^].
For login, use voice recognition. You need to use one of the two classes:
System.Speech.RecognitionSpeechRecognizer
or
System.Speech.RecognitionSpeechRecognitionEngine
, see
http://msdn.microsoft.com/en-us/library/system.speech.recognition.aspx[
^]. Using speech recognition is fairly simple; you will find some good code samples.
When the password is recognized, hash it and compare with hashed password.
Important note: this activity will give you
very week security. First,
anyone can hear the password. More importantly, recognition needs grammar. You can use so called
DictationGrammar
which is available and supplied with the engine, but it is huge and will give you a lot of false recognitions. You can supply smaller grammar, say, 100-200 candidate key words, but correct password should be included. At the moment of installation of grammar, all candidate words will be presented in its original forms, not in hashed form. If someone could possibly retrieve this grammar from where it's stored, the password could be obtained by trying all words in the grammar. You could improve it by generating unique grammar on the fly for each login, but the mere fact that the correct password is to be known to the system (which is not the case in hashed-only approach) would compromise security. In all cases, you should understand security very well to provide reasonable secure scenario.
—SA