473,246 Members | 1,848 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,246 software developers and data experts.

Trying to encrypt a string

Hello,

I'm trying to encrypt passwords in my app. After discovering that
there's no simple function to do this, I wrote a wrapper class which
decodes a string using UTF8, encrypts it with TripleDES and returns a
Base64-encoded string. The decryption function does the reverse, i.e.
Base64-decodes the string, decrypts it with the same Key and IV, and
encodes it again with UTF8. The problem is that after decrypting, the
8th character is not the same as it was before, e.g. in the example
below "testtest" changes to "testtesC". It's always on the 8th
character, all others are correctly decrypted. And the really strange
thing is, if you enable the commented-out code in Main(), it works
correctly! I've tried recreating the TripleDESCryptoServiceProvider on
every encrypt/decrypt, but that doesn't help.

Can anybody explain what's going on? Is this a(nother) bug in .NET
itself?

Here's the code I'm using:

using System;
using System.Text;
using System.Security.Cryptography;

public sealed class Crypto
{
private static TripleDESCryptoServiceProvider des;
private static TripleDESCryptoServiceProvider DES
{
get {
if (des == null) {
des = new TripleDESCryptoServiceProvider();
des.Key = Encoding.UTF8.GetBytes("0123456789012345");
des.IV = Encoding.UTF8.GetBytes(System.Environment.MachineN ame);
}
return des;
}
}

public static string Encrypt(string text)
{
try {
if (text == "")
return "";
byte[] bytes = Encoding.UTF8.GetBytes(text);
ICryptoTransform encryptor = DES.CreateEncryptor();
return Convert.ToBase64String(encryptor.TransformFinalBlo ck(bytes,
0, bytes.Length));
} catch (Exception e) {
Console.WriteLine(e.ToString());
return "";
}
}

public static string Decrypt(string text)
{
try {
if (text == "")
return "";
byte[] bytes = Convert.FromBase64String(text);
ICryptoTransform decryptor = DES.CreateDecryptor();
return Encoding.UTF8.GetString(decryptor.TransformFinalBl ock(bytes,
0, bytes.Length));
} catch (Exception e) {
Console.WriteLine(e.ToString());
return "";
}
}

public static void Main()
{
string test = "testtest";

/*
Console.WriteLine(Encrypt(test));
Console.WriteLine(Decrypt(Encrypt(test)));
*/

string encrypted = Encrypt(test);
Console.WriteLine(encrypted);
string decrypted = Decrypt(encrypted);
Console.WriteLine(decrypted);
}
}
thanks,
markus

Dec 7 '05 #1
8 4241
By the way, this is on Windows 2000 with .NET 1.1.4322. I've also tried
on Windows 2003 (with same .NET version), and the result is "tesG?",
but with the commented-out code it works, too.

Dec 7 '05 #2
to********@gmail.com wrote:
I'm trying to encrypt passwords in my app. After discovering that
there's no simple function to do this, I wrote a wrapper class which
decodes a string using UTF8, encrypts it with TripleDES and returns a
Base64-encoded string. The decryption function does the reverse, i.e.
Base64-decodes the string, decrypts it with the same Key and IV, and
encodes it again with UTF8. The problem is that after decrypting, the
8th character is not the same as it was before, e.g. in the example
below "testtest" changes to "testtesC". It's always on the 8th
character, all others are correctly decrypted. And the really strange
thing is, if you enable the commented-out code in Main(), it works
correctly! I've tried recreating the TripleDESCryptoServiceProvider on
every encrypt/decrypt, but that doesn't help.


<snip>

I think you're ending up with an entire block of data, even though you
weren't submitting an entire block. I strongly recommend using
CryptoStreams instead of the transforms directly - that *should* sort
you out, I believe.

Jon

Dec 7 '05 #3

to********@gmail.com wrote:
Hello,

I'm trying to encrypt passwords in my app. After discovering that
there's no simple function to do this, I wrote a wrapper class which
decodes a string using UTF8, encrypts it with TripleDES and returns a
Base64-encoded string. The decryption function does the reverse, i.e.
Base64-decodes the string, decrypts it with the same Key and IV, and
encodes it again with UTF8. The problem is that after decrypting, the
8th character is not the same as it was before, e.g. in the example
below "testtest" changes to "testtesC". It's always on the 8th
character, all others are correctly decrypted. And the really strange
thing is, if you enable the commented-out code in Main(), it works
correctly! I've tried recreating the TripleDESCryptoServiceProvider on
every encrypt/decrypt, but that doesn't help.

Can anybody explain what's going on? Is this a(nother) bug in .NET
itself?

Here's the code I'm using:
Your posted code worked on my machine (XP, Framework 1.1) with a slight
necessary change:
des.IV = Encoding.UTF8.GetBytes(System.Environment.MachineN ame);


This only works if MachineName is the right size. The IV has to be the
same size as the algorithm's block size, which here is 64 bits, so I
guess your machine name is 8 bytes. Try with some other fixed 8 bytes
and see if that helps (I used Encoding.UTF8.GetBytes("01234567")).

--
Larry Lard
Replies to group please

Dec 7 '05 #4
> This only works if MachineName is the right size. The IV has to be the
same size as the algorithm's block size, which here is 64 bits, so I
guess your machine name is 8 bytes. Try with some other fixed 8 bytes
and see if that helps (I used Encoding.UTF8.GetBytes("01234567")).


You're right, that was it! Why can't they just say so in the docs?
*grumble*

Anyway, thanks a lot!
greetings,
markus

Dec 7 '05 #5
Jon Skeet [C# MVP] wrote:
I think you're ending up with an entire block of data, even though you
weren't submitting an entire block. I strongly recommend using
CryptoStreams instead of the transforms directly - that *should* sort
you out, I believe.


<snip>

For the sake of posterity: please ignore the answer given above.
Larry's answer is correct. (Note: you can use the GenerateIV method to
generate a random one.)

Jon

Dec 7 '05 #6
On 7 Dec 2005 03:05:27 -0800, to********@gmail.com wrote:
Hello,

I'm trying to encrypt passwords in my app. After discovering that
there's no simple function to do this, I wrote a wrapper class which
decodes a string using UTF8, encrypts it with TripleDES and returns a
Base64-encoded string. The decryption function does the reverse, i.e.
Base64-decodes the string, decrypts it with the same Key and IV, and
encodes it again with UTF8. The problem is that after decrypting, the
8th character is not the same as it was before, e.g. in the example
below "testtest" changes to "testtesC". It's always on the 8th
character, all others are correctly decrypted. And the really strange
thing is, if you enable the commented-out code in Main(), it works
correctly! I've tried recreating the TripleDESCryptoServiceProvider on
every encrypt/decrypt, but that doesn't help.

Can anybody explain what's going on? Is this a(nother) bug in .NET
itself?

Here's the code I'm using:
[snip code]
thanks,
markus


A thought - why are you decrypting passwords?

When the user enters a password just encrypt it and see if it matches
with the stored encrypted version. If the encrypted versions match
then the plaintext versions would have matched (assuming a reasonable
encryption scheme).

rossum
The ultimate truth is that there is no ultimate truth
Dec 7 '05 #7
Possibly because he needs to use the credentials for something. For example,
creating an app that cache's user credentials in the registry to access a
service on the web.

If you want to give end users a way to cache username and password, but have
to retrieve it back to text to pass it from your application.
--
kr**@n-sv.com.<Remove This Before Emailing>

Network & Software Integration
www.n-sv.com

"Helping put the pieces of your IT puzzle together"
"rossum" wrote:
On 7 Dec 2005 03:05:27 -0800, to********@gmail.com wrote:
Hello,

I'm trying to encrypt passwords in my app. After discovering that
there's no simple function to do this, I wrote a wrapper class which
decodes a string using UTF8, encrypts it with TripleDES and returns a
Base64-encoded string. The decryption function does the reverse, i.e.
Base64-decodes the string, decrypts it with the same Key and IV, and
encodes it again with UTF8. The problem is that after decrypting, the
8th character is not the same as it was before, e.g. in the example
below "testtest" changes to "testtesC". It's always on the 8th
character, all others are correctly decrypted. And the really strange
thing is, if you enable the commented-out code in Main(), it works
correctly! I've tried recreating the TripleDESCryptoServiceProvider on
every encrypt/decrypt, but that doesn't help.

Can anybody explain what's going on? Is this a(nother) bug in .NET
itself?

Here's the code I'm using:

[snip code]

thanks,
markus


A thought - why are you decrypting passwords?

When the user enters a password just encrypt it and see if it matches
with the stored encrypted version. If the encrypted versions match
then the plaintext versions would have matched (assuming a reasonable
encryption scheme).

rossum
The ultimate truth is that there is no ultimate truth

Dec 15 '05 #8
On Thu, 15 Dec 2005 15:41:02 -0800, kfrost <kr**@n-sv.com.(donotspam)>
wrote:
"rossum" wrote:
On 7 Dec 2005 03:05:27 -0800, to********@gmail.com wrote:
>Hello,
>
>I'm trying to encrypt passwords in my app. After discovering that
>there's no simple function to do this, I wrote a wrapper class which
>decodes a string using UTF8, encrypts it with TripleDES and returns a
>Base64-encoded string. The decryption function does the reverse, i.e.
>Base64-decodes the string, decrypts it with the same Key and IV, and
>encodes it again with UTF8. The problem is that after decrypting, the
>8th character is not the same as it was before, e.g. in the example
>below "testtest" changes to "testtesC". It's always on the 8th
>character, all others are correctly decrypted. And the really strange
>thing is, if you enable the commented-out code in Main(), it works
>correctly! I've tried recreating the TripleDESCryptoServiceProvider on
>every encrypt/decrypt, but that doesn't help.
>
>Can anybody explain what's going on? Is this a(nother) bug in .NET
>itself?
>
>Here's the code I'm using:
>

[snip code]
>
>thanks,
>markus


A thought - why are you decrypting passwords?

When the user enters a password just encrypt it and see if it matches
with the stored encrypted version. If the encrypted versions match
then the plaintext versions would have matched (assuming a reasonable
encryption scheme).

rossum
The ultimate truth is that there is no ultimate truth

Possibly because he needs to use the credentials for something. For example,
creating an app that cache's user credentials in the registry to access a
service on the web.

If you want to give end users a way to cache username and password, but have
to retrieve it back to text to pass it from your application.
--
kr**@n-sv.com.<Remove This Before Emailing>

Network & Software Integration
www.n-sv.com

"Helping put the pieces of your IT puzzle together"

Yes, that is a valid point. Only the final consumer of the password
does not need the plain text version.

Top posting changed to avoid confusion.

rossum

--

The ultimate truth is that there is no ultimate truth
Dec 16 '05 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: wqhdebian | last post by:
As far as I know,when encrypt or decrypt ,a key must first be got,and the key is first generate by a tool or from SecurityRandom,that means I can not generate the same key with the same input.Does...
20
by: Drebin | last post by:
It's a long story really, but the bottom line is we need to encrypt or obfuscate a clear-text 9-digit SSN/taxpayer ID into something less than 21 characters. It doesn't need to be super-secure,...
7
by: Matthias S. | last post by:
Hi, I had a look at the vast information on encryption in the MSDN and got pretty confused. All I want to do is to encrypt a string into an encrypted string and later decrypt that (encrypted)...
8
by: Gidi | last post by:
Hi, Is there Buid-In fuction in C# that Encrypt and Decrypt strings? i have a textbox which i'm writing into file, and i want to encrypt it before writing, i'm not looking for something fancy,...
2
by: rino100 | last post by:
can anyone tell me why this c++ code works encrypting simple filenames but instead if you try to encrypt a filename like "video - 833 12_ ..avi" it doesn't rename the file?????? #include...
4
by: Islamegy® | last post by:
I give up.. I tried everything to encrypt querystring and decrypt it back but this never success.. i use RSA encryption. I always get excption when Convert fromBase64String so i tried...
2
by: fineman | last post by:
Hi all, I want to get a 64bit(8 bytes) Encrypt result use DES class in the VS2005. Though I encrypt data is 64bit(8 bytes), but DES return encrypt result that always is 128bit(16 bytes), I don't...
3
by: JDeats | last post by:
I have some .NET 1.1 code that utilizes this technique for encrypting and decrypting a file. http://support.microsoft.com/kb/307010 In .NET 2.0 this approach is not fully supported (a .NET 2.0...
0
by: lildiapaz | last post by:
Hi, everyone I'm developing a c# windows application that allows the user to encrypt any file type. i would like to encrypt the file using a powerful encrypting algorithm. I've tried to use the...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: marcoviolo | last post by:
Dear all, I would like to implement on my worksheet an vlookup dynamic , that consider a change of pivot excel via win32com, from an external excel (without open it) and save the new file into a...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.