# String Encryption Help

I have had to create a simple string encryption program for coursework. I
have completed the task and now have to do a write-up on how it could be
improved at a later date. If you could look through the code and point me in
the correct direction, one would be very grateful.

```
Example Input    : j1mb0jay
Example Output 1 : rZHKZbYZWn/4UgL9mAjN2DUz7X/UpcpRxXM9SO1QkvkOe5nOPEKnZldpsB7uHUNZ
Example Output 2 : 8SFgIdt0K0GqOggOt5VUzRc+sVtgPPQJt5xen7WksC3SljaXC/H38pWpjZ37tHyY
Example Output 3 : an+RFZnhJpyv+UgdViO6SlZtPZ66DzZ1tGFifpq3QkHr9MX9O/JQkojuS2O0IYIG
```

As seen above I have used the time as a factor when creating the passwords,
so two users with the same password will not have the same hash stored in
the database.

```csharp
// Requires: using System; using System.Security.Cryptography; using System.Text;
{
    // Creates a random number generator.
    Random random = new Random();
    // Creates a random double in the range [0, 1).
    double randomNo = random.NextDouble();
    // Turns the double into a number that I can use.
    double roundedRandomNo = randomNo * 100;

    // Cast the double into an int (losing all decimal places).
    int randomInt = (int)roundedRandomNo;

    // Gets the current millisecond.
    int milli = DateTime.Now.Millisecond;

    // Convert the millisecond and the random int into strings and
    // add them to an empty string.
    string ePassword = ConvertToBase64(milli.ToString()) + "-" +
        ConvertToBase64(randomInt.ToString());

    // Update the value of milli by adding the random number to it.
    milli = milli + randomInt;

    // For each character in the parameter string "password"
    foreach (char c in password)
    {
        // Convert the letter into a number.
        int i = Convert.ToInt32(c);
        // Add the value of milli to the number representation of the
        // current letter.
        i = i + milli;
        // Add this as a string to the return string
    }
}

private string ConvertToBase64(string text)
{
    try
    {
        byte[] enc = new byte[text.Length];
        for (int i = 0; i < text.Length; i++)
        {
            enc[i] = System.Convert.ToByte(text[i]);
        }

        return System.Convert.ToBase64String(enc);
    }
    catch
    {
    }

    return string.Empty;
}

// Helped from CodeProject.com
private string MD5Encrypt(string toEncrypt, bool useHashing)
{
    byte[] keyArray;
    byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);

    // Get the key from config file
    string key = ApplicationSettings.MeetySettings.Key;
    //System.Windows.Forms.MessageBox.Show(key);
    // If hashing, use the hash code of your key
    if (useHashing)
    {
        MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
        keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
        // Always release the resources and flush data of the
        // cryptographic service provider. Best practice.
        hashmd5.Clear();
    }
    else
        keyArray = UTF8Encoding.UTF8.GetBytes(key);

    TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
    // Set the secret key for the TripleDES algorithm
    tdes.Key = keyArray;
    // Mode of operation. There are 4 other modes. We choose
    // ECB (Electronic Code Book).
    tdes.Mode = CipherMode.ECB;

    ICryptoTransform cTransform = tdes.CreateEncryptor();
    // Transform the specified region of the byte array to resultArray
    byte[] resultArray =
        cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
    // Release resources held by the TripleDES encryptor
    tdes.Clear();
    // Return the encrypted data in an unreadable string format
    return Convert.ToBase64String(resultArray, 0, resultArray.Length);
}
```

Apr 22 '07 #1
Some reflections:

:: Use a StringBuilder when concatenating the string. Your solution

:: Hashing is not encryption. MD5Encrypt is a misleading name, as MD5 is
a hashing algorithm and doesn't do any encryption at all.

:: If the task was to actually create encryption, you have not completed
it. As you are using a hash, the string can not be decrypted into the
original string.

Apr 22 '07 #2
> Some reflections:
>
> :: Use a StringBuilder when concatenating the string. Your solution
>
> :: Hashing is not encryption. MD5Encrypt is a misleading name, as MD5 is
> a hashing algorithm and doesn't do any encryption at all.
>
> :: If the task was to actually create encryption, you have not completed
> it. As you are using a hash, the string can not be decrypted into the
> original string.

I have the methods to turn it back into the original and I use them on my
applications.
Does this mean I am encrypting?

Apr 22 '07 #3
Hi... It looks a bit overly complex to me but I'll assume it is doing what
you intend. I'd make the suggestion that you simplify the process where
possible however. From the look of it many of the interim values aren't
really used anywhere (though I may have missed it) so you can probably get
your random integer var set this way.

```csharp
Random random = new Random();
int randomInt = (int) ( random.NextDouble() * 100 );
```

And the various additions and concatenations can use the += operator so
these:

```csharp
milli = milli + randomInt;
i = i + milli;
```

become:

```csharp
milli += randomInt;
i += milli;
ePassword += ( "-" + i.ToString() );
```

As Göran points out you may want to use a StringBuilder as well.

I guess if I had a question it would be: is there a slightly less complicated
way to get the non-matching hash if that is your goal? Do you consider it
more secure by virtue of the particular algorithm used to adjust it?

Apr 22 '07 #4
Tom Leylan wrote:

> Hi... It looks a bit overly complex to me but I'll assume it is doing
> what you intend. I'd make the suggestion that you simplify the
> process where possible however. From the look of it many of the
> interim values aren't really used anywhere (though I may have missed
> it) so you can probably get your random integer var set this way.
>
> ```csharp
> Random random = new Random();
> int randomInt = (int) ( random.NextDouble() * 100 );
> ```
>
> And the various additions and concatenations can use the += operator
> so these:
>
> ```csharp
> milli = milli + randomInt;
> i = i + milli;
> ```
>
> become:
>
> ```csharp
> milli += randomInt;
> i += milli;
> ePassword += ( "-" + i.ToString() );
> ```
>
> As Göran points out you may want to use a StringBuilder as well.
>
> I guess if I had a question it would be: is there a slightly less
> complicated way to get the non-matching hash if that is your goal? Do you
> consider it more secure by virtue of the particular algorithm

I do understand the code could do with a good tidy up, thank you for the
methods of doing this. I hope when I shorten the methods and use more
correct coding constructs it will become less complex to read.

We had to write a simple encryption method and decryption method for the
coursework, I just wanted to try and use MD5 and base64 to turn the output
of the encryption into something a little less readable. Was I incorrect in
doing this?
I thought it would be for the greater good of the encryption!

Apr 22 '07 #5
> ```csharp
> {
>     //Creates a random number generator.
>     Random random = new Random();
> ```

Random is not cryptographically secure. For a cryptographically
secure PRNG use System.Security.Cryptography.RandomNumberGenerator
examples.

> ```csharp
>     //Creates a random int.
>     double randomNo = random.NextDouble();
>     //Turns the double into a number that I can use.
>     double roundedRandomNo = randomNo * 100;
>
>     //Cast the double into an int (losing all decimal places)
>     int randomInt = (int)roundedRandomNo;
>
>     //Gets the current millisecond.
>     int milli = DateTime.Now.Millisecond;
>
>     //Convert the millisecond and the random int into a string and
>     //add it to an empty string;
>     string ePassword = ConvertToBase64(milli.ToString()) + "-" +
>         ConvertToBase64(randomInt.ToString());
>
>     //Update the value of milli by adding the random number to it.
>     milli = milli + randomInt;
>
>     //Foreach character in the parameter string "password"
>     foreach (char c in password)
>     {
>         //Convert the letter into a number.
>         int i = Convert.ToInt32(c);
>         //Add the value of milli to the number representation of the
>         //current letter.
>         i = i + milli;
>         //Add this as a string to the return string
>     }
> ```

Have a look at using System.Security.SecureString instead of a plain

> ```csharp
> }
>
> private string ConvertToBase64(string text)
> {
>     try
>     {
>         byte[] enc = new byte[text.Length];
>         for (int i = 0; i < text.Length; i++)
>         {
>             enc[i] = System.Convert.ToByte(text[i]);
>         }
>
>         return System.Convert.ToBase64String(enc);
>     }
>     catch
>     {
>     }
>
>     return string.Empty;
> }
> ```

You can use Encoding.UTF8.GetBytes to convert a string to bytes.

> ```csharp
> //Helped from CodeProject.com
> private string MD5Encrypt(string toEncrypt, bool useHashing)
> {
>     byte[] keyArray;
>     byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);
>
>     // Get the key from config file
>     string key = ApplicationSettings.MeetySettings.Key;
>     //System.Windows.Forms.MessageBox.Show(key);
>     //If hashing use get hashcode regards to your key
>     if (useHashing)
>     {
>         MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
> ```

MD5 should not be used in new applications as it has some weaknesses.
Better to use SHA-256 or SHA-512.

> ```csharp
>         keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
>         //Always release the resources and flush data of the
>         //Cryptographic service provider. Best Practice
>
>         hashmd5.Clear();
>     }
>     else
>         keyArray = UTF8Encoding.UTF8.GetBytes(key);
>
>     TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
> ```

3DES should not be used except for backwards compatibility - its 64
bit blocksize is too small for safety. Use AES (=Rijndael) instead as
it uses 128 bit blocks.

> ```csharp
>     //set the secret key for the tripleDES algorithm
>     tdes.Key = keyArray;
>     //mode of operation. there are other 4 modes. We choose
>     //ECB(Electronic code Book)
>     tdes.Mode = CipherMode.ECB;
> ```

A bad choice. ECB mode leaks information. For a good illustration
(literally) see
http://en.wikipedia.org/wiki/Block_c...s_of_operation

You should use either CBC or CTR mode.

> ```csharp
>     ICryptoTransform cTransform = tdes.CreateEncryptor();
>     //transform the specified region of bytes array to resultArray
>     byte[] resultArray =
>         cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
>     //Release resources held by TripleDes Encryptor
>     tdes.Clear();
>     //Return the encrypted data into unreadable string format
>     return Convert.ToBase64String(resultArray, 0, resultArray.Length);
> }
> ```

Apr 22 '07 #6
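
The replacements suggested in the post above (a CSPRNG instead of `Random`, SHA-256 instead of MD5, AES instead of 3DES, CBC instead of ECB), put together as an added example that is not code from the thread. The class and method names and the sample key are hypothetical, and it assumes the configured key is a high-entropy secret rather than a user password.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class StringCipherExample   // hypothetical names throughout
{
    // Assumption: the configured key string is high-entropy; SHA-256 maps it to a 32-byte AES key.
    static byte[] DeriveKey(string configuredKey)
    {
        using (SHA256 sha = SHA256.Create())
            return sha.ComputeHash(Encoding.UTF8.GetBytes(configuredKey));
    }

    // AES in CBC mode (PKCS7 padding is the default); the caller sets or generates the IV.
    static Aes NewAes(byte[] key)
    {
        Aes aes = Aes.Create();
        aes.Key = key;
        aes.Mode = CipherMode.CBC;
        return aes;
    }

    // Returns Base64(IV || ciphertext). The fresh IV makes equal inputs encrypt differently.
    public static string Encrypt(string plaintext, byte[] key)
    {
        byte[] input = Encoding.UTF8.GetBytes(plaintext);
        using (Aes aes = NewAes(key))
        {
            aes.GenerateIV(); // from the system CSPRNG, not System.Random or the clock
            using (ICryptoTransform enc = aes.CreateEncryptor())
                return Convert.ToBase64String(
                    aes.IV.Concat(enc.TransformFinalBlock(input, 0, input.Length)).ToArray());
        }
    }

    public static string Decrypt(string encoded, byte[] key)
    {
        byte[] data = Convert.FromBase64String(encoded);
        if (data.Length < 32) throw new ArgumentException("expected IV plus at least one block");
        using (Aes aes = NewAes(key))
        {
            aes.IV = data.Take(16).ToArray(); // the first AES block is the IV
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(data, 16, data.Length - 16));
        }
    }

    static void Main()
    {
        byte[] key = DeriveKey("constructed-sample-key"); // constructed value
        string a = Encrypt("j1mb0jay", key), b = Encrypt("j1mb0jay", key);
        Console.WriteLine("ciphertexts differ: " + (a != b) + ", round trip: " + Decrypt(a, key));
    }
}
```

CBC provides confidentiality only; where stored values must also resist tampering, add an authentication tag such as an HMAC over the IV and ciphertext and verify it before decrypting.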

I will post back later with the changes you suggested. Thank you.

Apr 22 '07 #7
On Sun, 22 Apr 2007 15:16:37 +0100, "j1mb0jay" <ja**@aber.ac.uk> wrote:

> I have the methods to turn it back into the original and I use them on my
> applications.
> Does this mean I am encrypting?

You are using MD5 to generate a key from the user password using the
time as salt. The actual encryption uses 3DES.

rossum
Apr 22 '07 #8
j1mb0jay wrote:

> I have the methods to turn it back into the original and I use them on my
> applications.

No, you don't. You can not recreate the original from its hash code.

> Does this mean I am encrypting?

Apr 22 '07 #9
> :: Hashing is not encryption. MD5Encrypt is a misleading name, as MD5 is
> a hashing algorithm and doesn't do any encryption at all.

Some people call hashing "one way encryption".

Arne
Apr 23 '07 #10

