Same encryption codes cannot decrypt password from .NET 1.0 to 2.0

hohans

Hi all,

I have an encryption class that encrypts and decrypts password using
TripleDESCrypto ServiceProvider . It was written originally in framework
1.0 and been working fine. And those passwords are stored in my SQL
server.

Now I need to migrate my application to framework 2.0. I use this same
class with framework 2.0 library to decrypt the passwords from database
(of course, they were encrypted in 1.0) but getting "Bad Data"
exception. The wierd thing is that, in 2.0 environment, it can encrypt
a new password and decrypt it back without any problem. It just cannot
decrypt the ones which were encrypted in 1.0.

Anyone experienced this problem before? Any ideas will be very
appreciated!!

Hans

I am also attaching the class as follows:
using System;
using System.IO;
using System.Security .Cryptography;
using System.Text;

namespace test
{
/// <summary>
/// Summary description for EncryptionManag er.
/// </summary>
public class EncryptionManag er
{
public const int Encryption = 0;
public const int Decryption = 1;

private EncryptionManag er()
{
}

public static string Encrypt(string toEncrypt, string key)
{
UnicodeEncoding encoder = new UnicodeEncoding ();
return encoder.GetStri ng(ParseBytes(e ncoder.GetBytes (toEncrypt),
key, Encryption));
}

public static string Decrypt(string toDecrypt, string key)
{
UnicodeEncoding encoder = new UnicodeEncoding ();
return encoder.GetStri ng(ParseBytes(e ncoder.GetBytes (toDecrypt),
key, Decryption));
}
private static byte[] ParseBytes (byte[] data, string key, int
direction)
{
TripleDES des = new TripleDESCrypto ServiceProvider () ;
des.IV = new byte[8];

//init stream to write / read data
MemoryStream memStream = new MemoryStream();

PasswordDeriveB ytes derivedBytes = new PasswordDeriveB ytes(key, new
byte[0]);
des.Key = derivedBytes.Cr yptDeriveKey("R C2", "MD5", 128, new
byte[8]);

//set transform according to direction
ICryptoTransfor m transform;

if (direction == Encryption)
{
transform = des.CreateEncry ptor();
}
else
{
transform = des.CreateDecry ptor();
}

CryptoStream cryptoStream = new CryptoStream (memStream,
transform,
CryptoStreamMod e.Write);

cryptoStream.Wr ite (data, 0, data.Length);
cryptoStream.Fl ushFinalBlock() ;

//get the length of the encrypted data...
byte[] encodedResult = new byte[memStream.Lengt h];
memStream.Posit ion = 0;
memStream.Read( encodedResult, 0, encodedResult.L ength);

memStream.Close ();
cryptoStream.Cl ose();

return encodedResult;
}

public static string GenerateKey()
{
UnicodeEncoding encoder = new UnicodeEncoding ();
TripleDES des = new TripleDESCrypto ServiceProvider ();
return encoder.GetStri ng(des.Key);
}
}

}

Dec 16 '05 #1

Subscribe Reply

2595

Jon Skeet [C# MVP]

<ho****@yahoo.c om> wrote:

I have an encryption class that encrypts and decrypts password using
TripleDESCrypto ServiceProvider . It was written originally in framework
1.0 and been working fine. And those passwords are stored in my SQL
server.

Now I need to migrate my application to framework 2.0. I use this same
class with framework 2.0 library to decrypt the passwords from database
(of course, they were encrypted in 1.0) but getting "Bad Data"
exception. The wierd thing is that, in 2.0 environment, it can encrypt
a new password and decrypt it back without any problem. It just cannot
decrypt the ones which were encrypted in 1.0.

Anyone experienced this problem before? Any ideas will be very
appreciated!!

<snip>

I've seen the same problem, but haven't investigated it much - I'll try
to look into it further soon...

--
Jon Skeet - <sk***@pobox.co m>
http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too

Dec 17 '05 #2

hohans

Jon,

Thanks for taking time looking into this. Let me know if you find out
anything.

Hans

Dec 20 '05 #3

Jon Skeet [C# MVP]

<ho****@yahoo.c om> wrote:

I have an encryption class that encrypts and decrypts password using
TripleDESCrypto ServiceProvider . It was written originally in framework
1.0 and been working fine. And those passwords are stored in my SQL
server.

<snip>

Looking at it to start with - you really shouldn't be assuming that the
bytes which come back from encryption are a valid Unicode string. I
would suggest base64 encoding/decoding to convert between byte arrays
and "normal" text. It's unrelated to the problem you're seeing (I
believe) but is something to watch out for.

It's also worth using a "using" statement to close streams, so they end
up being closed even if an exception occurs.

Finally, don't use Stream.Read without checking the return value -
there's no guarantee it will read everything you want it to. See
http://www.pobox.com/~skeet/csharp/readbinary.html for more details.
When you're using a MemoryStream, however, you can just call ToArray to
get the bytes.

I'll post an "improved" version of your code when I've modified the
current version. As I say, it won't solve the problem, but it should
make it more obvious that there *is* a problem unrelated to the above
:)

--
Jon Skeet - <sk***@pobox.co m>
http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too

Dec 20 '05 #4

Jon Skeet [C# MVP]

<ho****@yahoo.c om> wrote:

<snip>

Hmm. I've modified your code appropriately, but I can't get either your
original code or the modified code to fail (encrypting with 1.1 and
decrypting with 2.0). Could you provide some sample data which it fails
with?
using System;
using System.IO;
using System.Security .Cryptography;
using System.Text;

public class EncryptionManag er
{
SymmetricAlgori thm provider;

public EncryptionManag er()
{
provider = new TripleDESCrypto ServiceProvider ();
provider.IV = new byte[8];
byte[] key = new byte[provider.KeySiz e/8];
for (int i=0; i < key.Length; i++)
{
key[i] = (byte) i;
}
provider.Key = key;
}

public string Encrypt(string toEncrypt)
{
byte[] rawInput = Encoding.UTF8.G etBytes(toEncry pt);
byte[] rawOutput = Encrypt (rawInput);
return Convert.ToBase6 4String(rawOutp ut);
}

public string Decrypt(string toDecrypt)
{
byte[] rawInput = Convert.FromBas e64String(toDec rypt);
byte[] rawOutput = Decrypt (rawInput);
return Encoding.UTF8.G etString(rawOut put);
}

public byte[] Encrypt (byte[] toEncrypt)
{
return Transform(provi der.CreateEncry ptor(), toEncrypt);
}

public byte[] Decrypt (byte[] toDecrypt)
{
return Transform(provi der.CreateDecry ptor(), toDecrypt);
}

byte[] Transform (ICryptoTransfo rm transform, byte[] data)
{
using (MemoryStream memoryStream = new MemoryStream())
{
using (CryptoStream cryptoStream = new CryptoStream
(memoryStream, transform, CryptoStreamMod e.Write))
{
cryptoStream.Wr ite(data, 0, data.Length);
cryptoStream.Fl ushFinalBlock() ;
}
return memoryStream.To Array();
}
}

static void Main(string[] args)
{
EncryptionManag er manager = new EncryptionManag er();

if (args.Length==1 )
{
Console.WriteLi ne (manager.Decryp t(args[0]));
}
else
{
Console.WriteLi ne (manager.Encryp t ("Test"));
}
}
}

--
Jon Skeet - <sk***@pobox.co m>
http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too

Dec 20 '05 #5

Similar topics

9755

PHP/MySQL encryption/protection of sensitive info

by: Chris | last post by:

Hello all. I'm currently working on a new site that encompasses the registration of members. The registration is taking place through PHP interaction with MySQL. The site is just going to be for my friends and I, but I have run into an issue that I have often wondered about before. Any insight would be appreciated. The database contains semi-sensitive information. Not CC numbers, but think more like usernames/passwords to other...

PHP

4967

encryption/decryption help

by: drs | last post by:

Hi, I need to send secure data over an insecure network. To that end, I am needing to encrypt serialized data and then decrypt it. Is there a builtin way to do this in Python? MD5, SHA, etc encrypt, but I am not seeing a way to get back my data. Encryption is totally new to me, so any pointers of what to read up on would be appreciated. As a side note, I understand that I could use https, but this would involve changing things that I...

Python

13061

Encryption of post data

by: Peter Young | last post by:

I'm looking for ideas on encrypting form data. For example, if a user enters a password, I would like to encrypt it before it gets posted, then decrypt it server-side. The obvious answer for a password is to 1-way hash it. Unfortunately, this is for data that will not be known ahead of time - I have the requirement of needing to encrypt any password-style textbox entries, then decrypt them on the server. This is intended to provide...

Javascript

11462

Binary encryption

by: TomB | last post by:

Anyone know of an example/tutorial for encrypting a binary file? I'm able to encrypt/decrypt simple text files, but anything more complicated craps out. Thanks TomB

C# / C Sharp

7975

Where to hide the encryption key

by: Mark R. Dawson | last post by:

Hi all, I have a configuration file that is storing sensative data, like db passwords etc. I want to encrypt the file so that people can not see the contents. What are the standard practices for storing the encryption key. I definitely don't want to hard code it in my code otherwise someone looking at the IL can easily see the key. Where should this key be stored and how can an app access it without someone else being able to do the...

C# / C Sharp

6148

Encryption of application configuration block

by: Steven Cliff | last post by:

I have started to use the new Enterprise Library (Jan 06) and have set up a skeleton project using the DAAB. This all seems to work fine apart from when I come to secure the app.config file via encryption. I have encrypted the connectionsettings block in the config file but obviously when I come to deploy the solution to other PC's, it cannot read the block as it doesn't have the keys to decrypt. I understand that as far as ASP.NET...

.NET Framework

2405

Encryption Question

by: eggie5 | last post by:

I have a form where a user can change his password, but I'm confused on how to prevent this from being transmitted in plain text. Well, I know how not to transmit it in plain text - use any type of encryption, but then the problem is, how do I decrypt it on the server to store it? If I use some type of key based encryption, the how do I get the key to the client without it being intercepted, rendering the whole process useless.

Javascript

2745

Total confused and need help with small encryption and decryption methods

by: manmit.walia | last post by:

Hello Everyone, Long time ago, I posted a small problem I had about converting a VB6 program to C#. Well with the help with everyone I got it converted. But I overlooked something and don't understand why it is doing this. Below is my code, I would be greatfull if someone can guide me through the right path or even help me solve this issue. Problem: The old tool which was written in VB6 works perfect. But I needed to convert this to C#...

C# / C Sharp

6479

Encryption and key management best practices

by: olafinsbraaten | last post by:

I am using column-level encryption (ENCRYPT_CHAR, DECRYPT_CHAR) to protect selected columns in DB2 LUW v.9.1 and v.9.5 on Linux. The ultimate goal is to support the requirements put forward in Payment Card Industry Data Security Standard (PCI DSS) which states: "Protect stored cardholder data anywhere it is stored". The encryption functions above requires a password to be set for each db2 session (SET ENCRYPTION PASSWORD =...

DB2 Database

9628

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

10292

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

10122

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

9923

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

8954

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

7471

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

6722

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

5497

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

4031

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp