String Encryption Help

  • j1mb0jay

    String Encryption Help

    I have had to create a simple string encryption program for coursework, I
    have completed the task and now have to do a write up on how it could be
    improved at a later date. If you could look through the code and point me in
    the correct direction one would be very grateful.

    Example Input : j1mb0jay
    Example Output 1 :
    rZHKZbYZWn/4UgL9mAjN2DUz7X/UpcpRxXM9SO1QkvkOe5nOPEKnZldpsB7uHUNZ
    Example Output 2 :
    8SFgIdt0K0GqOggOt5VUzRc+sVtgPPQJt5xen7WksC3SljaXC/H38pWpjZ37tHyY
    Example Output 3 :
    an+RFZnhJpyv+UgdViO6SlZtPZ66DzZ1tGFifpq3QkHr9MX9O/JQkojuS2O0IYIG

    As seen above I have used the time as a factor when creating the passwords,
    so two users with the same password will not have the same hash stored in
    the database.

    // Requires: using System; using System.Security.Cryptography; using System.Text;
    public string JJEncryption(string password)
    {
        //Creates a random number generator.
        Random random = new Random();
        //Creates a random int.
        double randomNo = random.NextDouble();
        //Turns the double into a number that I can use.
        double roundedRandomNo = randomNo * 100;

        //Cast the double into an int (losing all decimal places)
        int randomInt = (int)roundedRandomNo;

        //Gets the current millisecond.
        int milli = DateTime.Now.Millisecond;

        //Convert the millisecond and the random int into a string and
        //add it to an empty string;
        string ePassword = ConvertToBase64(milli.ToString()) + "-" +
            ConvertToBase64(randomInt.ToString());

        //Update the value of milli by adding the random number to it.
        milli = milli + randomInt;

        //Foreach character in the parameter string "password"
        foreach (char c in password)
        {
            //Convert the letter into a number.
            int i = Convert.ToInt32(c);
            //Add the value of milli to the number representation of the
            //current letter.
            i = i + milli;
            //Add this as a string to the return string
            ePassword = ePassword + "-" + i.ToString();
        }
        //Return the encrypted password.
        ePassword = MD5Encrypt(ePassword, true);
        return ePassword;
    }

    private string ConvertToBase64(string text)
    {
        try
        {
            byte[] enc = new byte[text.Length];
            for (int i = 0; i < text.Length; i++)
            {
                enc[i] = System.Convert.ToByte(text[i]);
            }

            return System.Convert.ToBase64String(enc);
        }
        catch
        {
        }

        return string.Empty;
    }

    //Helped from CodeProject.com
    private string MD5Encrypt(string toEncrypt, bool useHashing)
    {
        byte[] keyArray;
        byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);

        // Get the key from config file
        string key = ApplicationSettings.MeetySettings.Key;
        //System.Windows.Forms.MessageBox.Show(key);
        //If hashing use get hashcode regards to your key
        if (useHashing)
        {
            MD5CryptoServiceProvider hashmd5 = new
                MD5CryptoServiceProvider();
            keyArray =
                hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
            //Always release the resources and flush data of the
            //Cryptographic service provider. Best Practice

            hashmd5.Clear();
        }
        else
            keyArray = UTF8Encoding.UTF8.GetBytes(key);

        TripleDESCryptoServiceProvider tdes = new
            TripleDESCryptoServiceProvider();
        //set the secret key for the tripleDES algorithm
        tdes.Key = keyArray;
        //mode of operation. there are other 4 modes. We choose
        //ECB(Electronic code Book)
        tdes.Mode = CipherMode.ECB;
        //padding mode(if any extra byte added)

        tdes.Padding = PaddingMode.PKCS7;

        ICryptoTransform cTransform = tdes.CreateEncryptor();
        //transform the specified region of bytes array to resultArray
        byte[] resultArray =
            cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
        //Release resources held by TripleDes Encryptor
        tdes.Clear();
        //Return the encrypted data into unreadable string format
        return Convert.ToBase64String(resultArray, 0,
            resultArray.Length);
    }

    --
    Regards JJ (UWA)


  • Göran Andersson

    #2
    Re: String Encryption Help

    j1mb0jay wrote:
    > I have had to create a simple string encryption program for coursework,
    > I have completed the task and now have to do a write up on how it could
    > be improved at a later date. If you could look through the code and
    > point me in the correct direction one would be very grateful.
    >
    > Example Input : j1mb0jay
    > Example Output 1 :
    > rZHKZbYZWn/4UgL9mAjN2DUz7X/UpcpRxXM9SO1QkvkOe5nOPEKnZldpsB7uHUNZ
    > Example Output 2 :
    > 8SFgIdt0K0GqOggOt5VUzRc+sVtgPPQJt5xen7WksC3SljaXC/H38pWpjZ37tHyY
    > Example Output 3 :
    > an+RFZnhJpyv+UgdViO6SlZtPZ66DzZ1tGFifpq3QkHr9MX9O/JQkojuS2O0IYIG
    >
    > As seen above I have used the time as a factor when creating the
    > passwords, so two users with the same password will not have the same
    > hash stored in the database.

    Some reflections:

    :: Use a StringBuilder when concatenating the string. Your solution
    scales very badly.

    :: Hashing is not encryption. MD5Encrypt is a misleading name, as MD5 is
    a hashing algorithm and doesn't do any encryption at all.

    :: If the task was to actually create encryption, you have not completed
    it. As you are using a hash, the string can not be decrypted into the
    original string.

    --
    Göran Andersson
    _____
    Göran Andersson's private home page.

    Comment

    • j1mb0jay

      #3
      Re: String Encryption Help

      Göran Andersson wrote:
      > j1mb0jay wrote:
      >> I have had to create a simple string encryption program for
      >> coursework, I have completed the task and now have to do a write up
      >> on how it could be improved at a later date. If you could look
      >> through the code and point me in the correct direction one would be
      >> very grateful.
      >>
      >> Example Input : j1mb0jay
      >> Example Output 1 :
      >> rZHKZbYZWn/4UgL9mAjN2DUz7X/UpcpRxXM9SO1QkvkOe5nOPEKnZldpsB7uHUNZ
      >> Example Output 2 :
      >> 8SFgIdt0K0GqOggOt5VUzRc+sVtgPPQJt5xen7WksC3SljaXC/H38pWpjZ37tHyY
      >> Example Output 3 :
      >> an+RFZnhJpyv+UgdViO6SlZtPZ66DzZ1tGFifpq3QkHr9MX9O/JQkojuS2O0IYIG
      >>
      >> As seen above I have used the time as a factor when creating the
      >> passwords, so two users with the same password will not have the same
      >> hash stored in the database.
      >
      > Some reflections:
      >
      > :: Use a StringBuilder when concatenating the string. Your solution
      > scales very badly.
      >
      > :: Hashing is not encryption. MD5Encrypt is a misleading name, as MD5
      > is a hashing algorithm and doesn't do any encryption at all.
      >
      > :: If the task was to actually create encryption, you have not
      > completed it. As you are using a hash, the string can not be decrypted
      > into the original string.

      I have the methods to turn it back into the original and I use them on my
      applications.
      Does this mean I am encrypting?

      Thank you for the reply.
      --
      Regards JJ (UWA)

      Comment

      • Tom Leylan

        #4
        Re: String Encryption Help

        Hi... It looks a bit overly complex to me but I'll assume it is doing what
        you intend. I'd make the suggestion that you simplify the process where
        possible however. From the look of it many of the interim values aren't
        really used anywhere (though I may have missed it) so you can probably get
        your random integer var set this way.

            Random random = new Random();
            int randomInt = (int) ( random.NextDouble() * 100 );

        And the various additions and concatenations can use the += operator so
        these:

            milli = milli + randomInt;
            i = i + milli;
            ePassword = ePassword + "-" + i.ToString();

        become:

            milli += randomInt;
            i += milli;
            ePassword += ( "-" + i.ToString() );

        As Göran points out you may want to use a StringBuilder as well.

        I guess if I had a question it would be: is there a slightly less complicated
        way to get the non-matching hash if that is your goal? Do you consider it
        more secure by virtue of the particular algorithm used to adjust it?


        Comment

        • j1mb0jay

          #5
          Re: String Encryption Help

          Tom Leylan wrote:
          > Hi... It looks a bit overly complex to me but I'll assume it is doing
          > what you intend. I'd make the suggestion that you simplify the
          > process where possible however. From the look of it many of the
          > interim values aren't really used anywhere (though I may have missed
          > it) so you can probably get your random integer var set this way.
          >
          >     Random random = new Random();
          >     int randomInt = (int) ( random.NextDouble() * 100 );
          >
          > And the various additions and concatenations can use the += operator
          > so these:
          >
          >     milli = milli + randomInt;
          >     i = i + milli;
          >     ePassword = ePassword + "-" + i.ToString();
          >
          > become:
          >
          >     milli += randomInt;
          >     i += milli;
          >     ePassword += ( "-" + i.ToString() );
          >
          > As Göran points out you may want to use a StringBuilder as well.
          >
          > I guess if I had a question it would be is there slightly less
          > complicated way to get the non-matching hash if that is your goal? Do you
          > consider it more secure by virtue of the particular algorithm
          > used to adjust it?

          I do understand the code could do with a good tidy up, thank you for the
          methods of doing this. I hope when I shorten the methods and use more
          correct coding constructs it will become less complex to read.

          We had to write a simple encryption method and decryption method for the
          coursework, I just wanted to try and use MD5 and base64 to turn the output
          of the encryption into something a little less readable. Was I incorrect in
          doing this?
          I thought it would be for the greater good of the encryption!

          Comment

          • rossum

            #6
            Re: String Encryption Help

            On Sun, 22 Apr 2007 13:54:55 +0100, "j1mb0jay" <jap6@aber.ac.uk>
            wrote:
            > I have had to create a simple string encryption program for coursework, I
            > have completed the task and now have to do a write up on how it could be
            > improved at a later date. If you could look through the code and point me in
            > the correct direction one would be very grateful.
            >
            > Example Input : j1mb0jay
            > Example Output 1 :
            > rZHKZbYZWn/4UgL9mAjN2DUz7X/UpcpRxXM9SO1QkvkOe5nOPEKnZldpsB7uHUNZ
            > Example Output 2 :
            > 8SFgIdt0K0GqOggOt5VUzRc+sVtgPPQJt5xen7WksC3SljaXC/H38pWpjZ37tHyY
            > Example Output 3 :
            > an+RFZnhJpyv+UgdViO6SlZtPZ66DzZ1tGFifpq3QkHr9MX9O/JQkojuS2O0IYIG
            >
            > As seen above I have used the time as a factor when creating the passwords,
            > so two users with the same password will not have the same hash stored in
            > the database.
            >
            > public string JJEncryption(string password)
            > {
            >     //Creates a random number generator.
            >     Random random = new Random();

            Random is not cryptographically secure. For a cryptographically
            secure PRNG use System.Security.Cryptography.RandomNumberGenerator.
            Alternatively, write your own - google 'Yarrow' or 'Fortuna' for
            examples.

            >     //Creates a random int.
            >     double randomNo = random.NextDouble();
            >     //Turns the double into a number that I can use.
            >     double roundedRandomNo = randomNo * 100;
            >
            >     //Cast the double into an int (losing all decimal places)
            >     int randomInt = (int)roundedRandomNo;
            >
            >     //Gets the current millisecond.
            >     int milli = DateTime.Now.Millisecond;
            >
            >     //Convert the millisecond and the random int into a string and
            >     //add it to an empty string;
            >     string ePassword = ConvertToBase64(milli.ToString()) + "-" +
            >         ConvertToBase64(randomInt.ToString());
            >
            >     //Update the value of milli by adding the random number to it.
            >     milli = milli + randomInt;
            >
            >     //Foreach character in the parameter string "password"
            >     foreach (char c in password)
            >     {
            >         //Convert the letter into a number.
            >         int i = Convert.ToInt32(c);
            >         //Add the value of milli to the number representation of the
            >         //current letter.
            >         i = i + milli;
            >         //Add this as a string to the return string
            >         ePassword = ePassword + "-" + i.ToString();
            >     }
            >     //Return the encrypted password.
            >     ePassword = MD5Encrypt(ePassword, true);
            >     return ePassword;

            Have a look at using System.Security.SecureString instead of a plain
            string for holding a password.

            > }
            >
            > private string ConvertToBase64(string text)
            > {
            >     try
            >     {
            >         byte[] enc = new byte[text.Length];
            >         for (int i = 0; i < text.Length; i++)
            >         {
            >             enc[i] = System.Convert.ToByte(text[i]);
            >         }
            >
            >         return System.Convert.ToBase64String(enc);
            >     }
            >     catch
            >     {
            >     }
            >
            >     return string.Empty;
            > }

            You can use Encoding.UTF8.GetBytes to convert a string to bytes.

            > //Helped from CodeProject.com
            > private string MD5Encrypt(string toEncrypt, bool useHashing)
            > {
            >     byte[] keyArray;
            >     byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);
            >
            >     // Get the key from config file
            >     string key = ApplicationSettings.MeetySettings.Key;
            >     //System.Windows.Forms.MessageBox.Show(key);
            >     //If hashing use get hashcode regards to your key
            >     if (useHashing)
            >     {
            >         MD5CryptoServiceProvider hashmd5 = new

            MD5 should not be used in new applications as it has some weaknesses.
            Better to use SHA-256 or SHA-512.

            >             MD5CryptoServiceProvider();
            >         keyArray =
            >             hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
            >         //Always release the resources and flush data of the
            >         //Cryptographic service provider. Best Practice
            >
            >         hashmd5.Clear();
            >     }
            >     else
            >         keyArray = UTF8Encoding.UTF8.GetBytes(key);
            >
            >     TripleDESCryptoServiceProvider tdes = new
            >         TripleDESCryptoServiceProvider();

            3DES should not be used except for backwards compatibility - its 64
            bit blocksize is too small for safety. Use AES (=Rijndael) instead as
            it uses 128 bit blocks.

            >     //set the secret key for the tripleDES algorithm
            >     tdes.Key = keyArray;
            >     //mode of operation. there are other 4 modes. We choose
            >     //ECB(Electronic code Book)
            >     tdes.Mode = CipherMode.ECB;

            A bad choice. ECB mode leaks information. For a good illustration
            (literally) see


            You should use either CBC or CTR mode.

            >     //padding mode(if any extra byte added)
            >
            >     tdes.Padding = PaddingMode.PKCS7;
            >
            >     ICryptoTransform cTransform = tdes.CreateEncryptor();
            >     //transform the specified region of bytes array to resultArray
            >     byte[] resultArray =
            >         cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
            >     //Release resources held by TripleDes Encryptor
            >     tdes.Clear();
            >     //Return the encrypted data into unreadable string format
            >     return Convert.ToBase64String(resultArray, 0,
            >         resultArray.Length);
            > }
            >
            > --
            > Regards JJ (UWA)

            Comment
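
rossum's four suggestions (a CSPRNG, SHA-256 instead of MD5, AES instead of 3DES, CBC instead of ECB) applied together, with the ECB leak made visible; this is an added example, not code from rossum or the original poster. The class name, the demo secret and the IV-prepended output layout are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class CipherModeDemo
{
    // SHA-256 of the configured secret gives a 32-byte AES-256 key
    // (stands in for the MD5-of-config-key step in the posted code).
    static byte[] DeriveKey(string secret)
    {
        using (SHA256 sha = SHA256.Create())
            return sha.ComputeHash(Encoding.UTF8.GetBytes(secret));
    }

    static Aes NewAes(byte[] key, CipherMode mode)
    {
        Aes aes = Aes.Create();
        aes.Key = key;
        aes.Mode = mode;
        aes.Padding = PaddingMode.PKCS7;
        return aes;
    }

    static byte[] Run(ICryptoTransform transform, byte[] data)
    {
        using (transform)
            return transform.TransformFinalBlock(data, 0, data.Length);
    }

    // ECB, the mode chosen in the posted code: each block is encrypted
    // independently, so equal plaintext blocks give equal ciphertext blocks.
    public static byte[] EncryptEcb(byte[] key, string plaintext)
    {
        using (Aes aes = NewAes(key, CipherMode.ECB))
            return Run(aes.CreateEncryptor(), Encoding.UTF8.GetBytes(plaintext));
    }

    // CBC with a fresh IV from the CSPRNG. The IV is not secret; it is stored
    // in front of the ciphertext so that decryption can recover it.
    public static byte[] EncryptCbc(byte[] key, string plaintext)
    {
        using (Aes aes = NewAes(key, CipherMode.CBC))
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            byte[] iv = new byte[aes.BlockSize / 8];
            rng.GetBytes(iv);
            aes.IV = iv;
            byte[] ct = Run(aes.CreateEncryptor(), Encoding.UTF8.GetBytes(plaintext));
            byte[] output = new byte[iv.Length + ct.Length];
            Buffer.BlockCopy(iv, 0, output, 0, iv.Length);
            Buffer.BlockCopy(ct, 0, output, iv.Length, ct.Length);
            return output;
        }
    }

    public static string DecryptCbc(byte[] key, byte[] ivAndCiphertext)
    {
        using (Aes aes = NewAes(key, CipherMode.CBC))
        {
            int ivLen = aes.BlockSize / 8;
            if (ivAndCiphertext.Length < 2 * ivLen)
                throw new CryptographicException("Input too short.");
            byte[] iv = new byte[ivLen];
            byte[] ct = new byte[ivAndCiphertext.Length - ivLen];
            Buffer.BlockCopy(ivAndCiphertext, 0, iv, 0, ivLen);
            Buffer.BlockCopy(ivAndCiphertext, ivLen, ct, 0, ct.Length);
            aes.IV = iv;
            return Encoding.UTF8.GetString(Run(aes.CreateDecryptor(), ct));
        }
    }

    // Hex text of the 16-byte block at the given index.
    static string Block(byte[] buf, int index)
    {
        return BitConverter.ToString(buf, index * 16, 16);
    }

    static void Main()
    {
        byte[] key = DeriveKey("constructed-demo-secret"); // constructed value
        string plaintext = new string('A', 32);            // two identical 16-byte blocks

        byte[] ecb = EncryptEcb(key, plaintext);
        Console.WriteLine("ECB blocks 0 and 1 equal: " + (Block(ecb, 0) == Block(ecb, 1)));

        byte[] cbc1 = EncryptCbc(key, plaintext);
        byte[] cbc2 = EncryptCbc(key, plaintext);
        // Block 0 of the CBC output is the IV, so compare blocks 1 and 2.
        Console.WriteLine("CBC blocks 1 and 2 equal: " + (Block(cbc1, 1) == Block(cbc1, 2)));
        Console.WriteLine("Two CBC runs equal:       " +
            (Convert.ToBase64String(cbc1) == Convert.ToBase64String(cbc2)));
        Console.WriteLine("Round trip ok:            " + (DecryptCbc(key, cbc1) == plaintext));
    }
}
```

CBC on its own gives confidentiality but no integrity check, so stored ciphertext that an attacker can modify also needs a MAC or an authenticated mode.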

            • j1mb0jay

              #7
              Re: String Encryption Help

              I will post back later with the changes you suggested. Thank you.

              --
              Regards JJ (UWA)

              Comment

              • rossum

                #8
                Re: String Encryption Help

                On Sun, 22 Apr 2007 15:16:37 +0100, "j1mb0jay" <jap6@aber.ac.uk>
                wrote:
                > Göran Andersson wrote:
                >> j1mb0jay wrote:
                >>> I have had to create a simple string encryption program for
                >>> coursework, I have completed the task and now have to do a write up
                >>> on how it could be improved at a later date. If you could look
                >>> through the code and point me in the correct direction one would be
                >>> very grateful.
                >>>
                >>> Example Input : j1mb0jay
                >>> Example Output 1 :
                >>> rZHKZbYZWn/4UgL9mAjN2DUz7X/UpcpRxXM9SO1QkvkOe5nOPEKnZldpsB7uHUNZ
                >>> Example Output 2 :
                >>> 8SFgIdt0K0GqOggOt5VUzRc+sVtgPPQJt5xen7WksC3SljaXC/H38pWpjZ37tHyY
                >>> Example Output 3 :
                >>> an+RFZnhJpyv+UgdViO6SlZtPZ66DzZ1tGFifpq3QkHr9MX9O/JQkojuS2O0IYIG
                >>>
                >>> As seen above I have used the time as a factor when creating the
                >>> passwords, so two users with the same password will not have the same
                >>> hash stored in the database.
                >>
                >> Some reflections:
                >>
                >> :: Use a StringBuilder when concatenating the string. Your solution
                >> scales very badly.
                >>
                >> :: Hashing is not encryption. MD5Encrypt is a misleading name, as MD5
                >> is a hashing algorithm and doesn't do any encryption at all.
                >>
                >> :: If the task was to actually create encryption, you have not
                >> completed it. As you are using a hash, the string can not be decrypted
                >> into the original string.
                >
                > I have the methods to turn it back into the original and I use them on my
                > applications.
                > Does this mean I am encrypting?

                You are using MD5 to generate a key from the user password using the
                time as salt. The actual encryption uses 3DES.

                rossum

                > Thank you for the reply.

                Comment

                • Göran Andersson

                  #9
                  Re: String Encryption Help

                  j1mb0jay wrote:
                  >Göran Andersson wrote:
                  >>j1mb0jay wrote:
                  >>>I have had to create a simple string encryption program for
                  >>>coursework, I have completed the task and now have to do a write up
                  >>>on how it could be improved at a later date. If you could look
                  >>>through the code and point me in the correct direction one would be
                  >>>very grateful.
                  >>>
                  >>>Example Input : j1mb0jay
                  >>>Example Output 1 :
                  >>>rZHKZbYZWn/4UgL9mAjN2DUz7X/UpcpRxXM9SO1QkvkOe5nOPEKnZldpsB7uHUNZ
                  >>>Example Output 2 :
                  >>>8SFgIdt0K0GqOggOt5VUzRc+sVtgPPQJt5xen7WksC3SljaXC/H38pWpjZ37tHyY
                  >>>Example Output 3 :
                  >>>an+RFZnhJpyv+UgdViO6SlZtPZ66DzZ1tGFifpq3QkHr9MX9O/JQkojuS2O0IYIG
                  >>>
                  >>>As seen above I have used the time as a factor when creating the
                  >>>passwords, so two users with the same password will not have the same
                  >>>hash stored in the database.
                  >>
                  >>Some reflections:
                  >>
                  >>Use a StringBuilder when concatenating the string. Your solution
                  >>scales very badly.
                  >>
                  >>Hashing is not encryption. MD5Encrypt is a misleading name, as MD5 is
                  >>a hashing algorithm and doesn't do any encryption at all.
                  >>
                  >>If the task was to actually create encryption, you have not completed
                  >>it. As you are using a hash, the string can not be decrypted into the
                  >>original string.
                  >
                  >I have the methods to turn it back into the original and I use them on my
                  >applications.

                  No, you don't. You can not recreate the original from its hash code.

                  >Does this mean I am encrypting?
                  >
                  >Thank you for the reply.

                  --
                  Göran Andersson
                  _____
                  Göran Andersson's private homepage.


                  • Arne Vajhøj

                    #10
                    Re: String Encryption Help

                    Göran Andersson wrote:
                    >:: Hashing is not encryption. MD5Encrypt is a misleading name, as MD5 is
                    >a hashing algorithm and doesn't do any encryption at all.

                    Some people call hashing "one way encryption".

                    Arne


                    • Göran Andersson

                      #11
                      Re: String Encryption Help

                      Arne Vajhøj wrote:
                      >Göran Andersson wrote:
                      >>:: Hashing is not encryption. MD5Encrypt is a misleading name, as MD5
                      >>is a hashing algorithm and doesn't do any encryption at all.
                      >
                      >Some people call hashing "one way encryption".
                      >
                      >Arne

                      Yes. To be strictly correct one would say that hashing can be used as a
                      one way encryption. The hashing algorithm still does hashing, not
                      encryption. The difference is subtle, but one should be aware that
                      hashing serves a different purpose than encryption, so not all hashing
                      algorithms are well suited for one way encryption.

                      --
                      Göran Andersson
                      _____
                      Göran Andersson's private homepage.


                      • j1mb0jay

                        #12
                        Re: String Encryption Help

                        OK, just for you...... since I'm not planning on using it anywhere other than
                        coursework, here's the code to decrypt, try them !!

                        I assure you they work.


                        public string JJDycryption(string ePassword)
                        {
                            string nonB64password = MD5Decrypt(ePassword, true);
                            char[] splitter = { '-' };
                            string[] s = nonB64password.Split(splitter);
                            int milli = Convert.ToInt32(ConvertFromBase64(s[0]));
                            int ramdom = Convert.ToInt32(ConvertFromBase64(s[1]));
                            milli = milli + ramdom;
                            string password = string.Empty;
                            for (int index = 2; index < s.Length; index++)
                            {
                                int i = Convert.ToInt32(s[index]);
                                i = i - milli;
                                char c = Convert.ToChar(i);
                                password = password + c.ToString();
                            }
                            return password;
                        }

                        private string MD5Decrypt(string cipherString, bool useHashing)
                        {
                            byte[] keyArray;
                            //get the byte code of the string
                            byte[] toEncryptArray = Convert.FromBase64String(cipherString);

                            System.Configuration.AppSettingsReader settingsReader = new AppSettingsReader();
                            //Get your key from config file to open the lock!
                            string key = ApplicationSettings.MeetySettings.Key;

                            if (useHashing)
                            {
                                //if hashing was used get the hash code with regards to your key
                                MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
                                keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
                                //release any resource held by the MD5CryptoServiceProvider
                                hashmd5.Clear();
                            }
                            else
                            {
                                //if hashing was not implemented get the byte code of the key
                                keyArray = UTF8Encoding.UTF8.GetBytes(key);
                            }

                            TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
                            //set the secret key for the tripleDES algorithm
                            tdes.Key = keyArray;
                            //mode of operation. there are other 4 modes. We choose ECB(Electronic code Book)
                            tdes.Mode = CipherMode.ECB;
                            //padding mode(if any extra byte added)
                            tdes.Padding = PaddingMode.PKCS7;

                            ICryptoTransform cTransform = tdes.CreateDecryptor();
                            byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
                            //Release resources held by TripleDes Encryptor
                            tdes.Clear();
                            //return the Clear decrypted TEXT
                            return UTF8Encoding.UTF8.GetString(resultArray);
                        }

                        private string ConvertFromBase64(string text)
                        {
                            string ret = string.Empty;
                            byte[] enc = System.Convert.FromBase64String(text);
                            for (int i = 0; i < enc.Length; i++)
                            {
                                ret += System.Convert.ToChar(enc[i]).ToString();
                            }
                            return ret;
                        }

                        Regards JJ (UWA)







                        • j1mb0jay

                          #13
                          Re: String Encryption Help

                          Arne Vajhøj wrote:
                          >Göran Andersson wrote:
                          >>Hashing is not encryption. MD5Encrypt is a misleading name, as MD5 is
                          >>a hashing algorithm and doesn't do any encryption at all.
                          >
                          >Some people call hashing "one way encryption".
                          >
                          >Arne

                          As I just posted above this is not one way !!! So does this mean I am
                          encrypting?
                          --
                          Regards JJ (UWA)


                          • rossum

                            #14
                            Re: String Encryption Help

                            On Mon, 23 Apr 2007 11:08:13 +0200, Göran Andersson <guffa@guffa.com>
                            wrote:
                            >Arne Vajhøj wrote:
                            >>Göran Andersson wrote:
                            >>>:: Hashing is not encryption. MD5Encrypt is a misleading name, as MD5
                            >>>is a hashing algorithm and doesn't do any encryption at all.
                            >>
                            >>Some people call hashing "one way encryption".
                            >>
                            >>Arne
                            >
                            >Yes. To be strictly correct one would say that hashing can be used as a
                            >one way encryption. The hashing algorithm still does hashing, not
                            >encryption. The difference is subtle, but one should be aware that
                            >hashing serves a different purpose than encryption, so not all hashing
                            >algorithms are well suited for one way encryption.

                            He is not using the hash to encrypt. He is using the hash to help
                            derive a secure key from the user's password. He is using 3DES to do
                            the actual encryption.

                            rossum



                            • j1mb0jay

                              #15
                              Re: String Encryption Help

                              >>public string JJEncryption(string password)
                              >> {
                              >> //Creates a random number generator.
                              >> Random random = new Random();
                              >
                              >Random is not cryptographically secure. For a cryptographically
                              >secure PRNG use System.Security.Cryptography.RandomNumberGenerator
                              >Alternatively, write your own - google 'Yarrow' or 'Fortuna' for
                              >examples.

                              Have looked into the secure random Int32 and have come up with this.

                              public int CreateSecureRandomInt()
                              {
                                  RNGCryptoServiceProvider random = new RNGCryptoServiceProvider();
                                  byte[] randBytes = new byte[4];
                                  random.GetNonZeroBytes(randBytes);
                                  int i = (BitConverter.ToInt32(randBytes, 0));
                                  if (i < 0)
                                      i += (i - (i * 2)) - i;
                                  string s = i.ToString();
                                  s = s.Substring(1, 1);
                                  return (Int32.Parse(s));
                              }

                              Is this what you meant?
                              Or have I gone off on a tangent?

                              Still reading about the rest before I try and implement, as I have to have
                              an understanding of the code to produce the required write up.
                              --
                              Regards JJ (UWA)
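
Drawing a bounded integer from a cryptographic generator needs care, because picking one decimal digit out of a 32-bit value, or reducing it with a plain modulo, does not give every result the same probability. The following C# is an added example, not code from any poster in this thread, showing rejection sampling over the same .NET generator family; the class and method names are made up for the example.

```csharp
using System;
using System.Security.Cryptography;

public static class SecureRandomExample
{
    // Uniform integer in [0, maxExclusive) from the OS CSPRNG.
    public static int NextInt(RandomNumberGenerator rng, int maxExclusive)
    {
        if (maxExclusive <= 0)
            throw new ArgumentOutOfRangeException(nameof(maxExclusive));

        uint range = (uint)maxExclusive;
        // Largest multiple of range that fits in a uint. Raw values at or
        // above it are redrawn, so every result is backed by the same number
        // of raw values (plain "value % range" would favour small results).
        uint limit = uint.MaxValue - (uint.MaxValue % range);
        byte[] buffer = new byte[4];
        uint value;
        do
        {
            // GetBytes rather than GetNonZeroBytes: excluding zero bytes
            // removes valid outputs and skews the distribution.
            rng.GetBytes(buffer);
            value = BitConverter.ToUInt32(buffer, 0);
        } while (value >= limit);
        return (int)(value % range);
    }

    public static void Main()
    {
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            // Tally 100,000 draws in [0, 10) to inspect the distribution.
            int[] counts = new int[10];
            for (int n = 0; n < 100000; n++)
                counts[NextInt(rng, 10)]++;
            for (int d = 0; d < 10; d++)
                Console.WriteLine(d + ": " + counts[d]);

            // The 0..99 value that JJEncryption takes from Random, drawn securely.
            Console.WriteLine("randomInt = " + NextInt(rng, 100));
        }
    }
}
```

On .NET Core 3.0 and later, `RandomNumberGenerator.GetInt32(100)` does the same job in one call.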
