By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,559 Members | 1,180 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,559 IT Pros & Developers. It's quick & easy.

basic string encryption

P: n/a
I have created some simple string encryption in C# to be able to store
passwords in a database without them being stored in plain text.

I have attached a encrypted passage from a book I like. Please let me
know if it is really simple to crack.

Regards j1mb0jay
Oct 31 '07 #1
Share this Question
Share on Google+
7 Replies


P: n/a
j1mb0jay wrote:
I have created some simple string encryption in C# to be able to store
passwords in a database without them being stored in plain text.

I have attached a encrypted passage from a book I like. Please let me
know if it is really simple to crack.

Regards j1mb0jay
Here is the encryption ......

OzJIxucXWDbrfLHAzp+ds4yEqzoCt3fe3A1ZFIdBHR2hil7FGr rNb1aVc/I7lj6fGK7ahlzpQFY4E8WEQ8YnbbEp5EHYu5vMtqIwSWvkiYXI DX2Yb8V/IEPUBztzrG1QGdR1Ifo8Dd2Vf7szRBKKipSlWGJwxswxRNVXKC IwiexC2EfbF8sZQLt4oNGvYMBKFJxvBZU1WG/0JnTIYZXXCUuMiQJ4U2NkMMCMApmWwiD8r9Rs7NA/lfm++uHG0NF4uJN7ZLOcSy6goX8Iv8LyIHjuQNeqfxR/flZlnp9z0UgBl3sPpvPcxuC2pyzHXa0Dd6UTCwUPy/G/ESLs7wgW8zgTxYRDxidtzVifz5QcxwMb+ZeFrFGXHMh6WJJicg 7LA2fKf7ONC+aj/C2Na6Rzbl95IO08trS+RZZYyJSCLb3XWGqGyqZfAv8EWyLRHig dy3L6d72ZJXpeyzIY/OXZJZRjhr1aM+sk+iXXlRAx53oC40HJCjZhqblaNX5ZORl6Lb2 c7lZwql8sq7LUpajUTsBtFPfJs0Ma+kAq6QQMSXMsWfDJwZkEE wGXew+m89zGAhRiKMXyNdcRqWMhNXYdK5WW8QXZj9a6YK1ff8x 1U1/XJoh77ocFTo0/f/vR/r8iyA19mG/FfyBJb1/F5bwUYlyerpA2oZtlel+v9QBG5fe7tP0KdMhPCmN0858Nh5C9+ kAq6QQMSXOMhKs6Ard33rmGYMeqo+oa07b8Ogtv+nbcyujWGN8 DjRGHiJdqhnzn2pH3sEKwm2M4E8WEQ8YnbfZh4gMK3T6cczvVo bcAaLt52DheOlXAoRhskC9Q4uHi2FvDSowZSbaQcOw9nsCqrnK JRlQYiW6NUVDsJ0GVR0zQjpKUUmYjVzx/gVbpMzXivpreAzBfxk3vgcVJwQSBKJWW8QXZj9a6PWYNuMbEi1 YC40HJCjZhqVb3KoNMq+oocJ7CqYJbVU7vfF7MCH4voJWW8QXZ j

9a6yHpYkmJyDsv4mE5+esy3JSPTb95lX5EYqzc+NXYz/UJEQuWHQetwu4yo6RxuOc6Tr790cDLmaPVS2NLgo7uOzdZD87F 6fdCZAhRiKMXyNdcdJmi9oy8Fp5Hb+8u8uvV2l41VGTEXYEto4 Jv6KN+F3ebLoFjEw3mA4LanLMddrQOD4m+SK0IWCObLoFjEw3m ABFDOfWIedv/0GabpExgHbuV/UMqJ/BzLOBPFhEPGJ20WUEjSn9BZ/pSNXxpWRvST9CZ0yGGV1wn4mE5+esy3JWnZsaMhzHZO2m/Nj3/KBh4EUM59Yh52/zCaH4fY+mOYQ9QHO3OsbVC6MN+rUT4GTJOIPSe5i9qTv0VqUje Wgu8k/1SGGIwjJIn2POBt9oMXnrUkshcYcxnU/SgZpNFksTC1WTReO9pW+KQL8jBqxMVNg+V/sTEtJi29nO5WcKpfEMSvq1z6KWNM1i/kh6bK59zK6NYY3wONrCgrKo6dnjtQJYxEpx1pTF95IO08trS+A +aI2JCNi+HQjpKUUmYjV09PNbcnm2eUdsjRgX+3czwM1zt4c4J pOBYwyhPncgQGvqRiyTnDiRA1wYnnNFm4+jY2DNzw+XQCvW/AKr5ZF3q4xmqYYjjsJ8Ypx5zGor5on4V3jFlmnCN0582Ym+/PRuC2pyzHXa0D1X6dHnuLTcENBMFEPbVTzjY2DNzw+XQCgkQmq 6Q8g5Nlx7coCsgge2TtZfWgl50o9Bmm6RMYB27XPh+zDVsSTNz K6NYY3wON5ruCO2GSj5TPHR7Gx73FEnKjwrLJjqCmOh3ME7qvv UFZrZbXDwBB++fNubRiCtsZLhpgN8HKB9CjLq5YniyHKmGBEDM m130VkuRmCMQwxHbwFBN8kHGnzHKjwrLJjqCmel+v9QBG5feZx QJJNzMVbN6ghFJt5GKTsF4jAqK6EyZlc2eX/p8V++54MaWhQ0uYR4j00x8gAnS5WjV+WTkZetF7CQ
r
yJA/fNIt+PX0XkDHUwaYHgCYMfpOktOZ+Cr/BhX9eivAsGKuVlvEF2Y/WunbkvyHa0sKsUCWMRKcdaUyPlGg2txfXifpAKukEDElzRDEHP Op8esdfeSDtPLa0vpAfkHxux4rz8eCFXh3G/tyMqOkcbjnOk8h6WJJicg7LS4yJAnhTY2SNSGU/vzMxsc5y13jbH3kNSrCilAD7biR2yNGBf7dzPIxkrkr1a6HAj5 RoNrcX14n6QCrpBAxJc6J3LtJHtoXDhN1YzzYeCvKEMnvj82Wk YlZRA5pvNemE5X9Qyon8HMtRUOwnQZVHTBDEr6tc+ilj0MGBVC hhfhHnzbm0YgrbGZ0kypvljs5/ENnE3QkiyapNmUfHh49Q4CcCKmZvq6mhAdLqS7Fty2TceDM7fi lA/n2wM+I+yPM0GRYCBoGBHhdcnq6QNqGbZXpfr/UARuX3L0WhO1WLkOTbQauxutO3VwIgvNIdIeDdmFzSHEguQX26 MN+rUT4GTK/yOHxrrqtQgooH8faD9VD6QCrpBAxJcxfLh/aqLrwb19G/wEC5QAxmZUV9HD1d5xjQfe2X4pYcGGyQL1Di4eK+mt4DMF/GTfikC/IwasTFXJ6ukDahm2U74QjhuwA0IgLjQckKNmGpu/4ZW/2frGfcyujWGN8Djea7gjthko+Ueu08D+me9ZnFXeW6CBqGOsni p9lOWXBhOm7kSWLb7GzEVPryPrqJTtzK6NYY3wON5hvkRgYRqt FeyzIY/OXZJV95IO08trS+yeKn2U5ZcGElsN8H/VZExjgTxYRDxidtKu1O0mdzoLkg4iYOUHnbblyerpA2oZtlO+E I4bsANCL784P4Wpl7hE4+o4vDCVRbOBPFhEPGJ202VwhTPA9oP pSb+uWvXAwhgMu/Z4KSLzgPV/eQPopuXvFIysSBNdpt5825tGIK2xnfqnXnvf1I5mxg7VeT7Ja1 X3kg7Ty2tL6NKCByKGutu57I
P
diOsWF4XygFv6+GPb1wnsKpgltVTnelEwsFD8vxX3kg7Ty2tL5 X8bXnEN6iCTT7W5Pug6tVczvVobcAaLs/rpEb1JdRg57IPdiOsWF4fJEvIH1AQIj0JnTIYZXXCdhiu0UeVF ClRL2KCFAyRxFfeSDtPLa0vrBeIwKiuhMmeamhEg41LKn6QCrp BAxJc1wZi8HOCuBEVkuiItgDkqAin/ky2OADfbE8pa46P2hzveEznRzKDmdC2EfbF8sZQF3vauzFBWQL MMCMApmWwiA9g1Xd6QNutnoV0KGl0V2vjs/nD8hy0er0JnTIYZXXCYWaIAh5i0AjX3kg7Ty2tL6QH5B8bseK8 wLjQckKNmGpuIyNmo4+mxM2Ngzc8Pl0AroBGf07C1ikqKq564l D/FWNSGU/vzMxsawJQ7J2f1KaVkuiItgDkqDcNLbnTQprJ6+/dHAy5mj1lDVBzEpxwns4E8WEQ8YnbZhdiKRTsJhJjUhlP78zMb HzTK8u7pEqyb8cElBZC5eSzazdd7q7aof0JnTIYZXXCZhdiKRT sJhJX3kg7Ty2tL49FzBVZmiBtfjUiN7DOTu+jUhlP78zMbGsCU Oydn9SmkRC5YdB63C7jT9/+9H+vyKLdXTnwKjvGATWhR24FKWlFh0ekc72jpiYpeBlvo5S/RhskC9Q4uHi+kAq6QQMSXPrwCyeCcPKtlsmBdFrqSur2FvDSow ZSbaQcOw9nsCqrs8dHsbHvcUSczvVobcAaLsyG2B81ObxSPjUi N7DOTu+gMu/Z4KSLziTpLTmfgq/wfiYTn56zLcltkgjuMrInJwwtVk0XjvaVkuG/AYwOA+pjKjpHG45zpMAr8NSX8pZ1KkuCATaw4oQ5d1w402OY0v 8tb0SFR2izR0zQSvSA2LDXCrIA73IyAjeoIRSbeRikycCKmZvq 6mh/gVB4UNrak5qHFrlwstx8TIbYHzU5vFIUiAEw74/hlZC2EfbF8sZQM
B
PIvb3SFrDSsxBWA154b8CQHxuQ9EU9AzXO3hzgmk4PnKshPger gN52DheOlXAocBtFPfJs0MaiaDmKY2TuBOmXV0ROsa9dvHghV4 dxv7caoPyCXkPygVCimnVGSy1SWXHtygKyCB7WfOuWMME5MFDz paqGCKvNtDr3M+Vp9v7J/9CMBi8HC7nzbm0YgrbGdhiu0UeVFCltkgjuMrInJw9g1Xd6QNu tvikC/IwasTF6+28YJFO+XUQ2cX8rZNIfN9Pd/HB5hbRZO1l9aCXnSgTSul8Xxu6RzCsBwip1xlA5825tGIK2xlM W0f2Q0Yc7Bv5l4WsUZccyHpYkmJyDsu2oUIWODavfubLoFjEw3 mAl41VGTEXYEvVfp0ee4tNwbZII7jKyJyc/K/UbOzQP5X5vvrhxtDReLiTe2SznEsun9A31VTQeQ/IeliSYnIOy0F+LHV0djGgWtjvyEdwz1XRsthZUV01xWaZ3YCI2 a1dxinHnMaivmjrwCyeCcPKttdYaobKpl8C0XsJCvIkD99e55j MND/927ow36tRPgZM1lN1we/o2WcpNU+YjmU8uYyo6RxuOc6TkjgYLYzYcM2eyD3YjrFheMZOi yemf8I1Oh3ME7qvvUETtVduPXJCZ41IZT+/MzGxkuRmCMQwxHbywDeqfnzgZQGXew+m89zGeO5A16p/FH+u+B264FDV13M71aG3AGi74QZYVjiDL+FkZf5jX/4DXQCOy+yhxZoZI9Nv3mVfkRgs57aInRf4ILKxpVwLfBqXu1op Cu9XQDXcyujWGN8DjUPGTNxHl1K3OrjkTPQDBtQ4E8WEQ8Ynbf bJdiSy+bPwmy060I7TI+bIeliSYnIOywiFPqDGE1C6I75tBqJ4 ku7ueDGloUNLmEeI9NMfIAJ00a/9Q0D7rexC2EfbF8sZQNM28OHxbJRXu8Q9UE8zJ3HNlFtfOvcEW YNeWixTSx7OZce3KArIIHs4E8WEQ8Yn
b
TZqc1g9ij1CvRBdUTKCNF4CFGIoxfI110eI9NMfIAJ0WyYF0Wu pK6vYW8NKjBlJtpBw7D2ewKquzx0exse9xRKra2nyMMUesmGrQ bPhmbiZveEznRzKDmc4E8WEQ8YnbQNnyn+zjQvmaW1Qgugkyr+ JoOYpjZO4E6XXs7wKcVa5vxwSUFkLl5LNrN13urtqh6GKXsUau s1vncxa4vlXqxmGpWUnWA/MLpgpK7TcPdm9r/I4fGuuq1Bkj+7r0WYQsmlkLAVofbLu4LanLMddrQOidy7SR7aF w09PNbcnm2eUxV3luggahjrSWfntw80fhmaZ3YCI2a1dAhRiKM XyNdcgzxw0/Mo3THM71aG3AGi7RZCnEXV3ZlpqQXkhQqQajmGBEDMm130VJfg 9FBWubQH5PF+Vj27xKbiTe2SznEsul41VGTEXYEtd72rsxQVkC 2N0858Nh5C9CgD/JnsNOk0TSul8Xxu6RwR91wFwjwSB2FvDSowZSbaQcOw9nsCqrs 8dHsbHvcUSahxa5cLLcfE9LgUs2+lyBLsFiTRJXptUifY84G32 gxf0GabpExgHbgDGg/vkgowZ5825tGIK2xnrwCyeCcPKtqkuCATaw4oQNjYM3PD5dAIk 4ByuiY2KHzZj59HSso/v3qCEUm3kYpP61uK09B0+fxhDTiG1mbs/iaDmKY2TuBN9sDPiPsjzNLiTe2SznEsuAhRiKMXyNddU0Aa2Vp 6iuxv5l4WsUZccmD2uqeqcv2/lDs/wnCOeUaP8O63L0/u8Gw58tyc48IiKKZNUfIjoXJRjhr1aM+skmKXgZb6OUv24k3tk s5xLLjY2DNzw+XQCfywD1VZmO4CoqrnriUP8VRBGzc4Hvj9d+k Aq6QQMSXPxQLePN4cChI1IZT+/MzGxYatBs+GZuJnPHR7Gx73FEhW/XXmqe1T89CZ0yGGV1wllwWNkt7Jm7gpvR0GuglTYjKjpHG45zp PUInI8hl
N
41pTqeW9wFmOELOQZ8cwnKKqTpLTmfgq/wYV/XorwLBirvRBdUTKCNF52yNGBf7dzPJALp5Zcqcp3QijIIRY+QL Dgtqcsx12tA4CVjfOSIa/mhbKcj8cHqtDgtqcsx12tA9ObEdPaKxQEtqIwSWvkiYVBvA5En AG7EJSNXxpWRvSTNjYM3PD5dAK9b8AqvlkXemNmSUTROKET39P p7BQMsPJ+JdnUQnHdcQfmblsaYv+t1kPzsXp90JmSSrLIWDChF stXaAiYfBqjcqPCssmOoKZAyX6iVgvhett0mZC6ohkjxV3lugg ahjr0GabpExgHboiWYT0eiCRRHoYWm7lsNqLAaxbWsHQVNGVzZ 5f+nxX7eO5A16p/FH+H9OwZ63kyJL8RIuzvCBbzdsjRgX+3czyHYcCjMyQgI41IZT +/MzGxLGBXWhyXbME1wYnnNFm4+izkGfHMJyiqk6S05n4Kv8E21Q Atqjfk5c/Lvb4t32ANkuRmCMQwxHaFf16K8CwYqyCSIu/ypU2vAhRiKMXyNdeJKzTwVsIah3KjwrLJjqCmkuRmCMQwxHafh XeMWWacI96ghFJt5GKTTGvbqs+e3ZpSp1aBheu0Wu+BxUnBBIE oaWQsBWh9su44E8WEQ8YnbfiYTn56zLcl1kPzsXp90JmJoOYpj ZO4E40oIHIoa627uwWJNElem1Q4E8WEQ8YnbQzXO3hzgmk4cqP CssmOoKbIeliSYnIOy4V/XorwLBirMMCMApmWwiACQHxuQ9EU9I9ulOCYEoKe1MGmB4AmDH 5FlljIlIItvfEmELwHU0Uyzd57nw3Zp8cUgtzLa7iMRq0xoTAn wEGodsjRgX+3czz4pAvyMGrExVygbtreSpJfOBPFhEPGJ21ybP 0t1CG5OJhVzRWZVfRLYYEQMybXfRV52DheOlXAoc8dHsbHvcUS X3kg7Ty2tL4nAipmb6upofiYTn56zLclI9Nv3mVfkRirNz41
d
jP9QsYXl8l8Ygi8Fh0ekc72jpgyG2B81ObxSJ7IPdiOsWF4YYE QMybXfRW6ARn9OwtYpCirLnWwd21doKF/CL/C8iD0JnTIYZXXCRfUIX+MY9S5js/nD8hy0eo4E8WEQ8YnbevALJ4Jw8q2y2ly5K3h5Bk4E8WEQ8Ynb bEp5EHYu5vMGcCntxHKDfwnAipmb6upoZhdiKRTsJhJPnKshPg ergOS5GYIxDDEdtBJj7iv8LsvaoPyCXkPygVaCwdkCu8Dllb3K oNMq+ooLScNeQgXcA+sKCsqjp2eOzT7W5Pug6tVlZbxBdmP1rq vv3RwMuZo9Zhc0hxILkF91h/g+IrBUB0dM0Er0gNiw8eVPGe7xgC6oKF/CL/C8iD6QCrpBAxJc4yEqzoCt3fej5RoNrcX14nRewkK8iQP364uk C6DQzZIY3Tznw2HkL3GKcecxqK+aHH5phsUqoEp1MGmB4AmDH5 C3xxPP+XwN88dHsbHvcUSlZbxBdmP1rqvv3RwMuZo9XD3II3pO HBQiaDmKY2TuBPAg+LtRU5NvuINSVBOtUru3Mro1hjfA43J4qf ZTllwYTpu5Eli2+xsjUhlP78zMbG7FVZc2kYVQP66QdlIurK7N jYM3PD5dAIs4jpZidV+e1XhiEXO02xm9CZ0yGGV1wkQ2c9KS+0 137ow36tRPgZMkuRmCMQwxHbgUILEP+RjRJRjhr1aM+skENnF/K2TSHyjkAo3kyXFjNhbw0qMGUm23oFQ7g8ZG8jjxtO7WOK/E41IZT+/MzGxXbrfLlxBkuHx4IVeHcb+3F95IO08trS+++zGaZvZyzI=
Oct 31 '07 #2

P: n/a
Here's another idea... don't store passwords... hash them (with salt)
and store the hash. To verify, re-hash (with salt) and compare hashes.
For example, HMACSHA[n]

If you genuinely need encryption, consider things like
RijndaelManaged; don't roll your own unless you genuinely understand
cryptography.

http://msdn2.microsoft.com/en-us/lib...ptography.aspx

Marc

Oct 31 '07 #3

P: n/a
j1mb0jay,
Is it realistic to expect readers to take and attempt to "crack" your custom
encrypted text? What's the goal here? There are plenty of well-tested, best
practices encryption protocols already built into the Framework, no need to
reinvent the wheel and then look for accolades about it.
-- Peter
// Abandon all hope, ye who enter here.
http://www.eggheadcafe.com
unBlog: http://petesbloggerama.blogspot.com
BlogMetaFinder: http://www.blogmetafinder.com

"j1mb0jay" wrote:
I have created some simple string encryption in C# to be able to store
passwords in a database without them being stored in plain text.

I have attached a encrypted passage from a book I like. Please let me
know if it is really simple to crack.

Regards j1mb0jay
Nov 1 '07 #4

P: n/a
Marc Gravell wrote:
Here's another idea... don't store passwords... hash them (with salt)
and store the hash. To verify, re-hash (with salt) and compare hashes.
For example, HMACSHA[n]

If you genuinely need encryption, consider things like
RijndaelManaged; don't roll your own unless you genuinely understand
cryptography.

http://msdn2.microsoft.com/en-us/lib...ptography.aspx

Marc
I created this using MD5 and Tripel DES with a few of my own touchs on
top of them. I didnt want to just store password with encryption. I
gussing you manged to convert the passage back to plain text?

Regards j1mb0jay
Nov 1 '07 #5

P: n/a
Peter Bromberg [C# MVP] wrote:
j1mb0jay,
Is it realistic to expect readers to take and attempt to "crack" your custom
encrypted text? What's the goal here? There are plenty of well-tested, best
practices encryption protocols already built into the Framework, no need to
reinvent the wheel and then look for accolades about it.
-- Peter
// Abandon all hope, ye who enter here.
http://www.eggheadcafe.com
unBlog: http://petesbloggerama.blogspot.com
BlogMetaFinder: http://www.blogmetafinder.com

"j1mb0jay" wrote:
>I have created some simple string encryption in C# to be able to store
passwords in a database without them being stored in plain text.

I have attached a encrypted passage from a book I like. Please let me
know if it is really simple to crack.

Regards j1mb0jay
My point was to see if my coursework would last outside of the protected
walls of academia. I haven't really re-invented the wheel just added a
few my own touches to existing technologies such as triple DES and MD5,
which are built into the framework like you stated.

Breaking encryption is also a big part of the course that I am taking at
the moment.

Sorry if my post wasn't to taste.

Regards j1mb0jay
Nov 1 '07 #6

P: n/a
I gussing you manged to convert the passage back to plain text?
Nope; I didn't try... in general, this group tries to give overall
best-practice guidance; for the average programmer (i.e. writing
business code), attempting your own crypto code is a very bad idea,
and is likely to be insecure. Likewise storing passwords purely for
user-authentication purposes is usually a mistake. This was the best-
practice knowledge that I was trying to impart.
I created this using MD5 and Tripel DES
Again, in best-practice terms, AES and SHA [2 or higher] variants
would be adviseable, since both MD5 and Triple DES have weak-spots;
but if the exercise is to further your knowledge of enryption (rather
than to protect your employer's money), then fine.

You didn't specify that you intent was academic; ok - if you want to
roll encryption, and you know what you are doing - great! However, if
you want meaningful assessment of your efforts, then you'd do a lot
better on a security / encryption forum - where people have the
expertise and tools to tear your cipher to shreds (or not, depending
on how good it is ;-p). The real test is: if you post the code
(excluding any private keys), does it remain secure? [that is
rhetorical; please don't post it - just ask the question of your
code]. If not, it isn't secure.

Marc

Nov 1 '07 #7

P: n/a
j1mb0jay wrote:
I created this using MD5 and Tripel DES with a few of my own touchs on
top of them. I didnt want to just store password with encryption.
I think you should study some cryptography.

One of the basic rules for cryptography is that the security
should rely purely on the keys and not on the secrecy of the
algorithm used.

MD5 is for hashing. 3DES is for encryption. Use of both sound
let us call it "exotic".

Arne
Nov 3 '07 #8

This discussion thread is closed

Replies have been disabled for this discussion.