473,573 Members | 2,839 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

String Encryption Help

I have had to create a simple string encryption program for coursework, I
have completed the task and now have to do a write up on how it could be
improved at a later date. If you could look through the code and point me in
the correct direction one would be very grateful.

Example Input : j1mb0jay
Example Output 1 :
rZHKZbYZWn/4UgL9mAjN2DUz7X/UpcpRxXM9SO1Qkv kOe5nOPEKnZldps B7uHUNZ
Example Output 2 :
8SFgIdt0K0GqOgg Ot5VUzRc+sVtgPP QJt5xen7WksC3Sl jaXC/H38pWpjZ37tHyY
Example Outout 3 :
an+RFZnhJpyv+Ug dViO6SlZtPZ66Dz Z1tGFifpq3QkHr9 MX9O/JQkojuS2O0IYIG

As seen above I have used the time as a factor when creating the passwords,
so two users with the same password will not have the same hash stored in
the database.

public string JJEncryption(st ring password)
{
//Creates a random number generator.
Random random = new Random();
//Creates a random int.
double randomNo = random.NextDoub le();
//Turns the double into a number that i can use.
double roundedRandomNo = randomNo * 100;

//Case the double into and int (loosing all decimal places)
int randomInt = (int)roundedRan domNo;

//Gets the current milli second.
int milli = DateTime.Now.Mi llisecond;

//Convert the milli second and the random int into a string and
add it to an empty string;
string ePassword = ConvertToBase64 (milli.ToString ()) + "-" +
ConvertToBase64 (randomInt.ToSt ring());

//Update the value of milli by adding the random number to it.
milli = milli + randomInt;

//Foreach character in the paratmeter string "password"
foreach (char c in password)
{
//Convert the letter into a number.
int i = Convert.ToInt32 (c);
//Add the value of milli to the number representation of the
current letter.
i = i + milli;
//Add this as a string to the return string
ePassword = ePassword + "-" + i.ToString();
}
//Return the enrypted password.
ePassword = MD5Encrypt(ePas sword, true);
return ePassword;
}

private string ConvertToBase64 (string text)
{
try
{
byte[] enc = new byte[text.Length];
for (int i = 0; i < text.Length; i++)
{
enc[i] = System.Convert. ToByte(text[i]);
}

return System.Convert. ToBase64String( enc);
}
catch
{
}

return string.Empty;
}

//Helped from CodeProject.com
private string MD5Encrypt(stri ng toEncrypt, bool useHashing)
{
byte[] keyArray;
byte[] toEncryptArray = UTF8Encoding.UT F8.GetBytes(toE ncrypt);

// Get the key from config file
string key = ApplicationSett ings.MeetySetti ngs.Key;
//System.Windows. Forms.MessageBo x.Show(key);
//If hashing use get hashcode regards to your key
if (useHashing)
{
MD5CryptoServic eProvider hashmd5 = new
MD5CryptoServic eProvider();
keyArray =
hashmd5.Compute Hash(UTF8Encodi ng.UTF8.GetByte s(key));
//Always release the resources and flush data of the
Cryptographic service provide. Best Practice

hashmd5.Clear() ;
}
else
keyArray = UTF8Encoding.UT F8.GetBytes(key );

TripleDESCrypto ServiceProvider tdes = new
TripleDESCrypto ServiceProvider ();
//set the secret key for the tripleDES algorithm
tdes.Key = keyArray;
//mode of operation. there are other 4 modes. We choose
ECB(Electronic code Book)
tdes.Mode = CipherMode.ECB;
//padding mode(if any extra byte added)

tdes.Padding = PaddingMode.PKC S7;

ICryptoTransfor m cTransform = tdes.CreateEncr yptor();
//transform the specified region of bytes array to resultArray
byte[] resultArray =
cTransform.Tran sformFinalBlock (toEncryptArray , 0, toEncryptArray. Length);
//Release resources held by TripleDes Encryptor
tdes.Clear();
//Return the encrypted data into unreadable string format
return Convert.ToBase6 4String(resultA rray, 0,
resultArray.Len gth);
}

--
Regards JJ (UWA)

--
Regards JJ (UWA)

Apr 22 '07 #1
22 7641
j1mb0jay wrote:
I have had to create a simple string encryption program for coursework,
I have completed the task and now have to do a write up on how it could
be improved at a later date. If you could look through the code and
point me in the correct direction one would be very grateful.

Example Input : j1mb0jay
Example Output 1 :
rZHKZbYZWn/4UgL9mAjN2DUz7X/UpcpRxXM9SO1Qkv kOe5nOPEKnZldps B7uHUNZ
Example Output 2 :
8SFgIdt0K0GqOgg Ot5VUzRc+sVtgPP QJt5xen7WksC3Sl jaXC/H38pWpjZ37tHyY
Example Outout 3 :
an+RFZnhJpyv+Ug dViO6SlZtPZ66Dz Z1tGFifpq3QkHr9 MX9O/JQkojuS2O0IYIG

As seen above I have used the time as a factor when creating the
passwords, so two users with the same password will not have the same
hash stored in the database.
Some reflections:

:: Use a StringBuilder when concatenating the string. Your solution
scales very badly.

:: Hashing is not encryption. MD5Encrypt is a misleading name, as MD5 is
a hashing algorithm and doesn't do any encryption at all.

:: If the task was to actually create encryption, you have not completed
it. As you are using a hash, the string can not be decrypted into the
original string.

--
Göran Andersson
_____
http://www.guffa.com
Apr 22 '07 #2
Göran Andersson wrote:
j1mb0jay wrote:
>I have had to create a simple string encryption program for
coursework, I have completed the task and now have to do a write up
on how it could be improved at a later date. If you could look
through the code and point me in the correct direction one would be
very grateful. Example Input : j1mb0jay
Example Output 1 :
rZHKZbYZWn/4UgL9mAjN2DUz7X/UpcpRxXM9SO1Qkv kOe5nOPEKnZldps B7uHUNZ
Example Output 2 :
8SFgIdt0K0GqOg gOt5VUzRc+sVtgP PQJt5xen7WksC3S ljaXC/H38pWpjZ37tHyY
Example Outout 3 :
an+RFZnhJpyv+U gdViO6SlZtPZ66D zZ1tGFifpq3QkHr 9MX9O/JQkojuS2O0IYIG

As seen above I have used the time as a factor when creating the
passwords, so two users with the same password will not have the same
hash stored in the database.

Some reflections:
>>Use a StringBuilder when concatenating the string. Your solution
scales very badly.
>>Hashing is not encryption. MD5Encrypt is a misleading name, as MD5
is
a hashing algorithm and doesn't do any encryption at all.
>>If the task was to actually create encryption, you have not
completed
it. As you are using a hash, the string can not be decrypted into the
original string.
I have the methods to turn it back into the orignal and i use them on my
applications.
Does this mean i am encrypting ?

Thank you for the reply.
--
Regards JJ (UWA)

Apr 22 '07 #3
Hi... It looks a bit overly complex to me but I'll assume it is doing what
you intend. I'd make the suggestion that you simplify the process where
possible however. From the look of it many of the interim values aren't
really used anywhere (though I may have missed it) so you can probably get
your random integer var set this way.
Random random = new Random();
int randomInt = (int) ( random.NextDoub le() * 100 );
And the various additions and concatenations can use the += operator so
these:
milli = milli + randomInt;
i = i + milli;
ePassword = ePassword + "-" + i.ToString();
become:
milli += randomInt;
i += milli;
ePassword += ( "-" + i.ToString() );
As Göran points out you may want to use a StringBuilder as well.

I guess if I had a question it would be is there slightly less complicated
way to get the non-matching hash if that is your goal? Do you consider it
more secure by virtue of the particular algorithm used to adjust it?
"j1mb0jay" <ja**@aber.ac.u kwrote in message
news:11******** *******@leri.ab er.ac.uk...
>I have had to create a simple string encryption program for coursework, I
have completed the task and now have to do a write up on how it could be
improved at a later date. If you could look through the code and point me
in the correct direction one would be very grateful.

Example Input : j1mb0jay
Example Output 1 :
rZHKZbYZWn/4UgL9mAjN2DUz7X/UpcpRxXM9SO1Qkv kOe5nOPEKnZldps B7uHUNZ
Example Output 2 :
8SFgIdt0K0GqOgg Ot5VUzRc+sVtgPP QJt5xen7WksC3Sl jaXC/H38pWpjZ37tHyY
Example Outout 3 :
an+RFZnhJpyv+Ug dViO6SlZtPZ66Dz Z1tGFifpq3QkHr9 MX9O/JQkojuS2O0IYIG

As seen above I have used the time as a factor when creating the
passwords, so two users with the same password will not have the same hash
stored in the database.

public string JJEncryption(st ring password)
{
//Creates a random number generator.
Random random = new Random();
//Creates a random int.
double randomNo = random.NextDoub le();
//Turns the double into a number that i can use.
double roundedRandomNo = randomNo * 100;

//Case the double into and int (loosing all decimal places)
int randomInt = (int)roundedRan domNo;

//Gets the current milli second.
int milli = DateTime.Now.Mi llisecond;

//Convert the milli second and the random int into a string and
add it to an empty string;
string ePassword = ConvertToBase64 (milli.ToString ()) + "-" +
ConvertToBase64 (randomInt.ToSt ring());

//Update the value of milli by adding the random number to it.
milli = milli + randomInt;

//Foreach character in the paratmeter string "password"
foreach (char c in password)
{
//Convert the letter into a number.
int i = Convert.ToInt32 (c);
//Add the value of milli to the number representation of
the current letter.
i = i + milli;
//Add this as a string to the return string
ePassword = ePassword + "-" + i.ToString();
}
//Return the enrypted password.
ePassword = MD5Encrypt(ePas sword, true);
return ePassword;
}

private string ConvertToBase64 (string text)
{
try
{
byte[] enc = new byte[text.Length];
for (int i = 0; i < text.Length; i++)
{
enc[i] = System.Convert. ToByte(text[i]);
}

return System.Convert. ToBase64String( enc);
}
catch
{
}

return string.Empty;
}

//Helped from CodeProject.com
private string MD5Encrypt(stri ng toEncrypt, bool useHashing)
{
byte[] keyArray;
byte[] toEncryptArray = UTF8Encoding.UT F8.GetBytes(toE ncrypt);

// Get the key from config file
string key = ApplicationSett ings.MeetySetti ngs.Key;
//System.Windows. Forms.MessageBo x.Show(key);
//If hashing use get hashcode regards to your key
if (useHashing)
{
MD5CryptoServic eProvider hashmd5 = new
MD5CryptoServic eProvider();
keyArray =
hashmd5.Compute Hash(UTF8Encodi ng.UTF8.GetByte s(key));
//Always release the resources and flush data of the
Cryptographic service provide. Best Practice

hashmd5.Clear() ;
}
else
keyArray = UTF8Encoding.UT F8.GetBytes(key );

TripleDESCrypto ServiceProvider tdes = new
TripleDESCrypto ServiceProvider ();
//set the secret key for the tripleDES algorithm
tdes.Key = keyArray;
//mode of operation. there are other 4 modes. We choose
ECB(Electronic code Book)
tdes.Mode = CipherMode.ECB;
//padding mode(if any extra byte added)

tdes.Padding = PaddingMode.PKC S7;

ICryptoTransfor m cTransform = tdes.CreateEncr yptor();
//transform the specified region of bytes array to resultArray
byte[] resultArray =
cTransform.Tran sformFinalBlock (toEncryptArray , 0, toEncryptArray. Length);
//Release resources held by TripleDes Encryptor
tdes.Clear();
//Return the encrypted data into unreadable string format
return Convert.ToBase6 4String(resultA rray, 0,
resultArray.Len gth);
}

--
Regards JJ (UWA)

--
Regards JJ (UWA)

Apr 22 '07 #4
Tom Leylan wrote:
Hi... It looks a bit overly complex to me but I'll assume it is doing
what you intend. I'd make the suggestion that you simplify the
process where possible however. From the look of it many of the
interim values aren't really used anywhere (though I may have missed
it) so you can probably get your random integer var set this way.
> Random random = new Random();
int randomInt = (int) ( random.NextDoub le() * 100 );

And the various additions and concatenations can use the += operator
so these:
> milli = milli + randomInt;
i = i + milli;
ePassword = ePassword + "-" + i.ToString();

become:
> milli += randomInt;
i += milli;
ePassword += ( "-" + i.ToString() );

As Göran points out you may want to use a StringBuilder as well.

I guess if I had a question it would be is there slightly less
complicated way to get the non-matching hash if that is your goal? Do you
consider it more secure by virtue of the particular algorithm
used to adjust it?
I do understand the code could do with a good tidy up, thank you for the
methods of doing this. I hope when I shorten the methods and use more
correct
coding constructs it will become less complex to read.

We had to write a simple encryption method and decryption method for the
coursework, I just wanted to try and use MD5 and base64 to turn the output
of the encryption into something a little less readable. Was I incorrect in
doing this ?
I thought it would be for the greater good of the encryption !

Apr 22 '07 #5
On Sun, 22 Apr 2007 13:54:55 +0100, "j1mb0jay" <ja**@aber.ac.u k>
wrote:
>I have had to create a simple string encryption program for coursework, I
have completed the task and now have to do a write up on how it could be
improved at a later date. If you could look through the code and point me in
the correct direction one would be very grateful.

Example Input : j1mb0jay
Example Output 1 :
rZHKZbYZWn/4UgL9mAjN2DUz7X/UpcpRxXM9SO1Qkv kOe5nOPEKnZldps B7uHUNZ
Example Output 2 :
8SFgIdt0K0GqOg gOt5VUzRc+sVtgP PQJt5xen7WksC3S ljaXC/H38pWpjZ37tHyY
Example Outout 3 :
an+RFZnhJpyv+U gdViO6SlZtPZ66D zZ1tGFifpq3QkHr 9MX9O/JQkojuS2O0IYIG

As seen above I have used the time as a factor when creating the passwords,
so two users with the same password will not have the same hash stored in
the database.

public string JJEncryption(st ring password)
{
//Creates a random number generator.
Random random = new Random();
Random is not cryptographical ly secure. For a cryptographical ly
secure PRNG use System.Security .Cryptography.R andomNumberGene rator
Alternatively, write your own - google 'Yarrow' or 'Fortuna' for
examples.

//Creates a random int.
double randomNo = random.NextDoub le();
//Turns the double into a number that i can use.
double roundedRandomNo = randomNo * 100;

//Case the double into and int (loosing all decimal places)
int randomInt = (int)roundedRan domNo;

//Gets the current milli second.
int milli = DateTime.Now.Mi llisecond;

//Convert the milli second and the random int into a string and
add it to an empty string;
string ePassword = ConvertToBase64 (milli.ToString ()) + "-" +
ConvertToBase6 4(randomInt.ToS tring());

//Update the value of milli by adding the random number to it.
milli = milli + randomInt;

//Foreach character in the paratmeter string "password"
foreach (char c in password)
{
//Convert the letter into a number.
int i = Convert.ToInt32 (c);
//Add the value of milli to the number representation of the
current letter.
i = i + milli;
//Add this as a string to the return string
ePassword = ePassword + "-" + i.ToString();
}
//Return the enrypted password.
ePassword = MD5Encrypt(ePas sword, true);
return ePassword;
Have a look at using System.Security .SecureString instead of a plain
string for holding a password.
}

private string ConvertToBase64 (string text)
{
try
{
byte[] enc = new byte[text.Length];
for (int i = 0; i < text.Length; i++)
{
enc[i] = System.Convert. ToByte(text[i]);
}

return System.Convert. ToBase64String( enc);
}
catch
{
}

return string.Empty;
}
You can use Encoding.UTF8.G etBytes to convert a string to bytes.

>
//Helped from CodeProject.com
private string MD5Encrypt(stri ng toEncrypt, bool useHashing)
{
byte[] keyArray;
byte[] toEncryptArray = UTF8Encoding.UT F8.GetBytes(toE ncrypt);

// Get the key from config file
string key = ApplicationSett ings.MeetySetti ngs.Key;
//System.Windows. Forms.MessageBo x.Show(key);
//If hashing use get hashcode regards to your key
if (useHashing)
{
MD5CryptoServic eProvider hashmd5 = new
MD5 should not be used in new applicatins as it has some weaknesses.
Better to use SHA-256 or SHA-512.
>MD5CryptoServi ceProvider();
keyArray =
hashmd5.Comput eHash(UTF8Encod ing.UTF8.GetByt es(key));
//Always release the resources and flush data of the
Cryptographi c service provide. Best Practice

hashmd5.Clear() ;
}
else
keyArray = UTF8Encoding.UT F8.GetBytes(key );

TripleDESCrypto ServiceProvider tdes = new
TripleDESCrypt oServiceProvide r();
3DES should not be used except for backwards compatibility - its 64
bit blocksize is too small for safety. Use AES (=Rijndael) instead as
it uses 128 bit blocks.
//set the secret key for the tripleDES algorithm
tdes.Key = keyArray;
//mode of operation. there are other 4 modes. We choose
ECB(Electron ic code Book)
tdes.Mode = CipherMode.ECB;
A bad choice. ECB mode leaks information. For a good illustration
(literally) see
http://en.wikipedia.org/wiki/Block_c...s_of_operation

You should use either CBC or CTR mode.
//padding mode(if any extra byte added)

tdes.Padding = PaddingMode.PKC S7;

ICryptoTransfor m cTransform = tdes.CreateEncr yptor();
//transform the specified region of bytes array to resultArray
byte[] resultArray =
cTransform.Tra nsformFinalBloc k(toEncryptArra y, 0, toEncryptArray. Length);
//Release resources held by TripleDes Encryptor
tdes.Clear();
//Return the encrypted data into unreadable string format
return Convert.ToBase6 4String(resultA rray, 0,
resultArray.Le ngth);
}

--
Regards JJ (UWA)
Apr 22 '07 #6
rossum wrote:
On Sun, 22 Apr 2007 13:54:55 +0100, "j1mb0jay" <ja**@aber.ac.u k>
wrote:
>I have had to create a simple string encryption program for
coursework, I have completed the task and now have to do a write up
on how it could be improved at a later date. If you could look
through the code and point me in the correct direction one would be
very grateful.

Example Input : j1mb0jay
Example Output 1 :
rZHKZbYZWn/4UgL9mAjN2DUz7X/UpcpRxXM9SO1Qkv kOe5nOPEKnZldps B7uHUNZ
Example Output 2 :
8SFgIdt0K0GqOg gOt5VUzRc+sVtgP PQJt5xen7WksC3S ljaXC/H38pWpjZ37tHyY
Example Outout 3 :
an+RFZnhJpyv+U gdViO6SlZtPZ66D zZ1tGFifpq3QkHr 9MX9O/JQkojuS2O0IYIG

As seen above I have used the time as a factor when creating the
passwords, so two users with the same password will not have the
same hash stored in the database.

public string JJEncryption(st ring password)
{
//Creates a random number generator.
Random random = new Random();
Random is not cryptographical ly secure. For a cryptographical ly
secure PRNG use System.Security .Cryptography.R andomNumberGene rator
Alternatively, write your own - google 'Yarrow' or 'Fortuna' for
examples.

> //Creates a random int.
double randomNo = random.NextDoub le();
//Turns the double into a number that i can use.
double roundedRandomNo = randomNo * 100;

//Case the double into and int (loosing all decimal
places) int randomInt = (int)roundedRan domNo;

//Gets the current milli second.
int milli = DateTime.Now.Mi llisecond;

//Convert the milli second and the random int into a
string and add it to an empty string;
string ePassword = ConvertToBase64 (milli.ToString ()) +
"-" + ConvertToBase64 (randomInt.ToSt ring());

//Update the value of milli by adding the random number
to it. milli = milli + randomInt;

//Foreach character in the paratmeter string "password"
foreach (char c in password)
{
//Convert the letter into a number.
int i = Convert.ToInt32 (c);
//Add the value of milli to the number representation
of the current letter.
i = i + milli;
//Add this as a string to the return string
ePassword = ePassword + "-" + i.ToString();
}
//Return the enrypted password.
ePassword = MD5Encrypt(ePas sword, true);
return ePassword;
Have a look at using System.Security .SecureString instead of a plain
string for holding a password.
> }

private string ConvertToBase64 (string text)
{
try
{
byte[] enc = new byte[text.Length];
for (int i = 0; i < text.Length; i++)
{
enc[i] = System.Convert. ToByte(text[i]);
}

return System.Convert. ToBase64String( enc);
}
catch
{
}

return string.Empty;
}
You can use Encoding.UTF8.G etBytes to convert a string to bytes.

>>
//Helped from CodeProject.com
private string MD5Encrypt(stri ng toEncrypt, bool useHashing)
{
byte[] keyArray;
byte[] toEncryptArray =
UTF8Encoding.U TF8.GetBytes(to Encrypt);

// Get the key from config file
string key = ApplicationSett ings.MeetySetti ngs.Key;
//System.Windows. Forms.MessageBo x.Show(key);
//If hashing use get hashcode regards to your key
if (useHashing)
{
MD5CryptoServic eProvider hashmd5 = new
MD5 should not be used in new applicatins as it has some weaknesses.
Better to use SHA-256 or SHA-512.
>MD5CryptoServi ceProvider();
keyArray =
hashmd5.Comput eHash(UTF8Encod ing.UTF8.GetByt es(key));
//Always release the resources and flush data of the
Cryptographi c service provide. Best Practice

hashmd5.Clear() ;
}
else
keyArray = UTF8Encoding.UT F8.GetBytes(key );

TripleDESCrypto ServiceProvider tdes = new
TripleDESCrypt oServiceProvide r();
3DES should not be used except for backwards compatibility - its 64
bit blocksize is too small for safety. Use AES (=Rijndael) instead as
it uses 128 bit blocks.
> //set the secret key for the tripleDES algorithm
tdes.Key = keyArray;
//mode of operation. there are other 4 modes. We choose
ECB(Electron ic code Book)
tdes.Mode = CipherMode.ECB;
A bad choice. ECB mode leaks information. For a good illustration
(literally) see
http://en.wikipedia.org/wiki/Block_c...s_of_operation

You should use either CBC or CTR mode.
> //padding mode(if any extra byte added)

tdes.Padding = PaddingMode.PKC S7;

ICryptoTransfor m cTransform = tdes.CreateEncr yptor();
//transform the specified region of bytes array to
resultArray byte[] resultArray =
cTransform.Tra nsformFinalBloc k(toEncryptArra y, 0,
toEncryptArray. Length); //Release resources held by
TripleDes Encryptor tdes.Clear();
//Return the encrypted data into unreadable string format
return Convert.ToBase6 4String(resultA rray, 0,
resultArray.Le ngth);
}

--
Regards JJ (UWA)
I will post back later with the changes you sugested. Thank you.

--
Regards JJ (UWA)
Apr 22 '07 #7
On Sun, 22 Apr 2007 15:16:37 +0100, "j1mb0jay" <ja**@aber.ac.u k>
wrote:
>Göran Andersson wrote:
>j1mb0jay wrote:
>>I have had to create a simple string encryption program for
coursework, I have completed the task and now have to do a write up
on how it could be improved at a later date. If you could look
through the code and point me in the correct direction one would be
very grateful. Example Input : j1mb0jay
Example Output 1 :
rZHKZbYZWn/4UgL9mAjN2DUz7X/UpcpRxXM9SO1Qkv kOe5nOPEKnZldps B7uHUNZ
Example Output 2 :
8SFgIdt0K0GqO ggOt5VUzRc+sVtg PPQJt5xen7WksC3 SljaXC/H38pWpjZ37tHyY
Example Outout 3 :
an+RFZnhJpyv+ UgdViO6SlZtPZ66 DzZ1tGFifpq3QkH r9MX9O/JQkojuS2O0IYIG

As seen above I have used the time as a factor when creating the
passwords, so two users with the same password will not have the same
hash stored in the database.

Some reflections:
>>>Use a StringBuilder when concatenating the string. Your solution
scales very badly.
>>>Hashing is not encryption. MD5Encrypt is a misleading name, as MD5
is
a hashing algorithm and doesn't do any encryption at all.
>>>If the task was to actually create encryption, you have not
completed
it. As you are using a hash, the string can not be decrypted into the
original string.

I have the methods to turn it back into the orignal and i use them on my
applications .
Does this mean i am encrypting ?
You are using MD5 to generate a key from the user password using the
time as salt. The actual encryption uses 3DES.

rossum
>Thank you for the reply.
Apr 22 '07 #8
j1mb0jay wrote:
Göran Andersson wrote:
>j1mb0jay wrote:
>>I have had to create a simple string encryption program for
coursework, I have completed the task and now have to do a write up
on how it could be improved at a later date. If you could look
through the code and point me in the correct direction one would be
very grateful. Example Input : j1mb0jay
Example Output 1 :
rZHKZbYZWn/4UgL9mAjN2DUz7X/UpcpRxXM9SO1Qkv kOe5nOPEKnZldps B7uHUNZ
Example Output 2 :
8SFgIdt0K0GqO ggOt5VUzRc+sVtg PPQJt5xen7WksC3 SljaXC/H38pWpjZ37tHyY
Example Outout 3 :
an+RFZnhJpyv+ UgdViO6SlZtPZ66 DzZ1tGFifpq3QkH r9MX9O/JQkojuS2O0IYIG

As seen above I have used the time as a factor when creating the
passwords, so two users with the same password will not have the same
hash stored in the database.

Some reflections:
>>>Use a StringBuilder when concatenating the string. Your solution
scales very badly.
>>>Hashing is not encryption. MD5Encrypt is a misleading name, as MD5
is
a hashing algorithm and doesn't do any encryption at all.
>>>If the task was to actually create encryption, you have not
completed
it. As you are using a hash, the string can not be decrypted into the
original string.

I have the methods to turn it back into the orignal and i use them on my
applications.
No, you don't. You can not recreate the original from it's hash code.
Does this mean i am encrypting ?

Thank you for the reply.

--
Göran Andersson
_____
http://www.guffa.com
Apr 22 '07 #9
Göran Andersson wrote:
:: Hashing is not encryption. MD5Encrypt is a misleading name, as MD5 is
a hashing algorithm and doesn't do any encryption at all.
Some people call hashing "one way encryption".

Arne
Apr 23 '07 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
4857
by: Mike | last post by:
Help, I am using an encryption routine that occasionally will encrypt a string using some extended ASCII characters (ASCII code > 128) I am wondering if there is a reserved character in VB that signifies the end of a string of characters. Here is what happens: I am encrypting certain fields before adding them to a SQL string. On...
14
7681
by: msnews.microsoft.com | last post by:
How can I encrypt and decrypt string?
7
26761
by: Matthias S. | last post by:
Hi, I had a look at the vast information on encryption in the MSDN and got pretty confused. All I want to do is to encrypt a string into an encrypted string and later decrypt that (encrypted) string again to a human readable form. Can't be that difficult :). Could you send me please into the right direction. Thanks in advance. --
12
3454
by: Charlie | last post by:
Hi: My host will not allow me use a trusted connection or make registry setting, so I'm stuck trying find a way to hide connection string which will be stored in web.config file. If I encrypt string externally, can it be used in it's encrypted form to connect to SQL Server? If I decrypt back to string for use in connection string during...
3
1624
by: xanthviper | last post by:
I know this has been probably covered a lot, but hopefully someone can help me out. Awhile back, I was doing some searching on encryption methods and found an example to where you can take very large amounts of text and encrypt that down to a very small string. So, basically you could take the US Constitution and get that down to something...
7
7584
by: Eric | last post by:
Hi All, I need to XOR two same-length Strings against each other. I'm assuming that, in order to do so, I'll need to convert each String to a BitArray. Thus, my question is this: is there an easy way to convert a String to a BitArray (and back again)? I explained the ultimate goal (XORing two Strings) so that, if anyone has a better...
6
7851
by: larry mckay | last post by:
Hi, Does anyone have any simple text string encryption routines that are easy to implement? I'm trying to prevent users and system administrators from figuring out how I implement things. thanks *** Sent via Developersdex http://www.developersdex.com *** Don't just participate in USENET...get rewarded for it!
14
3486
by: WebMatrix | last post by:
Hello, I have developed a web application that connects to 2 different database servers. The connection strings with db username + password are stored in web.config file. After a code review, one developer suggested that it's a security flaw; therefore connection strings should be kept somewhere else or encrypted. My argument is that...
8
2795
by: Jeremy Kitchen | last post by:
I have encoded a string into Base64 for the purpose of encryption. I then later decrypted it and converted it back from Base64 the final string returns with four nothing characters. "pass" what the result should be "pass____ what the result is where each underline char is a nothing char. I am about to write a function that will remove...
0
7771
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7686
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
8198
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7771
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
8060
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
3730
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3731
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
2194
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
0
1036
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.