I would like to share some simple functions which can encrypt and decrypt strings. These functions can be used in any of.NET Framework supporting languages. Just declare a pass phrase in your code like a master key which allows the MD5CryptoServiceProvider class (in the System.Security and System.Security.Cryptography namespace) to compute a hash value for encryption/decryption. TripleDESCryptoServiceProvider class is used to encrypt/ decrypt strings which in turn uses 3DES (Triple Data Encryption Standard) algorithm. 3DES alogorithm uses three 64-bit long keys to (Encrypt-Decrypt-Encrypt) data.
Declare the pass phrase as below, and you can set any string value you like: const string passphrase = ' password'; For example, 'password' is the key I used here. Now, you just have to use the Encrypt/Decrypt functions below in your class to encrypt and decrypt any string. Below are the functions. I have around 10 Years of experience using Microsoft technologies. I started working on microsoft technologies from Visual Studio 6.0 to VS 2015. I have worked on both Windows and Web applications development. I have experience of using languages and technologies such as C#, VB.Net, ASP.Net, MVC, WPF, WCF, XML Web Services, Java Script, JQuery and databases such as SQL Server, Oracle, Sybase and DB2, Also Markup languages like XML, HTML and XAML.
Csr harmony bluetooth software. In my leisure time I like to watch movies, play video games and read about trending technologies. PiyushVarma 29-Aug-14 12:38 29-Aug-14 12:38 Hi, I have added VB.NET code since I had a C# and VB.NET projects in a solutio doing encryption and decryption back and forth! Member 2857735 3-Jan-12 9:04 3-Jan-12 9:04 This is probably the worst cryptography advice ever! For one, MD5 is quite broken, and should not be used in new code.
(See rogue CA attacks because of MD5 collisions: ) Secondly, ECB is NOT a good encryption mode, it allows an attacker to replace or reorder your blocks of data, see Thirdly, triple-DES does not provide good security, according to wikipedia Triple-DES only has 80 bits of security, considering that.NET has support for far better algorithms, like AES, using ancient and broken algorithms like Triple-DES is plain stupid. Besides, one should use a key-derivation algorithm instead of just 1 round of a hash function to make brute-force and dictionary attacks against the password unfeasible. Creative 5.1 sound card driver windows 7 free download. I give my vote of 1 for VERY wrong advice on a topic you are clearly not well versed on at all.
Thanks for sharing the information. However my article does not claim to give the most secure ensryption/ decryption technique in the world. I just posted a tip to have some simple implementation of the existing techniques which are in.net. I am not claiming that this will be the most best technique available in.net. It is just one of the many methods available in the.net side. If you have something better then please keep sharing with the community. Good luck my friend.
The teeth of disk holder are undamaged. Total paris experience tour. Minimal wear on the exterior of item.
Last Visit: 31-Dec-99 19:00 Last Update: 11-Feb-18 13:25 1 General News Suggestion Question Bug Answer Joke Praise Rant Admin Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.
Introduction Here in this article we are discussing that how can you Encrypt your password or any string by selecting any of the cryptography Algorithm Either by SHA1 or MD5. The implementing of this example needs to import System.web.Security namespace and you will also add four controls as two TextBox, Button, DropDownList and a Label control. You will select Algorithm for Encryption from DropDownList. The namespace will be inherited by Forms Authentication class in which you will get the HashPasswordForStoringInConfigFile method. This method is used for the conversion of password or any string into Encrypted format. Getting Started.
Simply Create a new ASP.NET web application. Drag two TextBox, Button, DropDownList and a Label control on your page. The page will look like below. Your Default.aspx page will look like below. <% @ Page Language ='VB' AutoEventWireup ='false' CodeFile ='Default.aspx.vb' Inherits ='Default'%
DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' ' SHA1 MD5. Then add the below code in code behind file of the web page. Protected Sub PageLoad(sender As Object, e As System. EventArgs) Handles Me.Load If Me.IsPostBack = False Then Selectalgo.Items.Add( ') Selectalgo.SelectedValue = ' End If End Sub Protected Sub btnEncryptClick(sender As Object, e As System. EventArgs) Handles btnEncrypt.Click txtDisplayValue.Text = FormsAuthentication.HashPasswordForStoringInConfigFile(txtResult.Text, Selectalgo.SelectedValue) End Sub.
Now run your application. Output Summary In this article you learned that how to perform Encryption.
Tony, There are many options here, but a simple solution is: Public Class Crypto ' TAKEN FROM MS KB Q317535 Public Shared Function EncryptTripleDES(ByVal sIn As String, ByVal sKey As String) As String Dim DES As New System.Security.Cryptography.TripleDESCryptoServic eProvider Dim hashMD5 As New System.Security.Cryptography.MD5CryptoServiceProvi der ' scramble the key sKey = ScrambleKey(sKey) ' Compute the MD5 hash. DES.Key = hashMD5.ComputeHash(System.Text.ASCIIEncoding.ASCI I.GetBytes(sKey)) ' Set the cipher mode. DES.Mode = System.Security.Cryptography.CipherMode.ECB ' Create the encryptor. Dim DESEncrypt As System.Security.Cryptography.ICryptoTransform = DES.CreateEncryptor ' Get a byte array of the string. Dim Buffer As Byte = System.Text.ASCIIEncoding.ASCII.GetBytes(sIn) ' Transform and return the string. Return Convert.ToBase64String(DESEncrypt.TransformFinalBl ock(Buffer, 0, Buffer.Length)) End Function Public Shared Function DecryptTripleDES(ByVal sOut As String, ByVal sKey As String) As String Dim DES As New System.Security.Cryptography.TripleDESCryptoServic eProvider Dim hashMD5 As New System.Security.Cryptography.MD5CryptoServiceProvi der ' scramble the key sKey = ScrambleKey(sKey) ' Compute the MD5 hash.
DES.Key = hashMD5.ComputeHash(System.Text.ASCIIEncoding.ASCI I.GetBytes(sKey)) ' Set the cipher mode. DES.Mode = System.Security.Cryptography.CipherMode.ECB ' Create the decryptor.
Dim DESDecrypt As System.Security.Cryptography.ICryptoTransform = DES.CreateDecryptor Dim Buffer As Byte = Convert.FromBase64String(sOut) ' Transform and return the string. Return System.Text.ASCIIEncoding.ASCII.GetString(DESDecry pt.TransformFinalBlock(Buf fer, 0, Buffer.Length)) End Function Private Shared Function ScrambleKey(ByVal vstrKey As String) As String Dim sbKey As New System.Text.StringBuilder Dim intPtr As Integer For intPtr = 1 To vstrKey.Length Dim intIn As Integer = vstrKey.Length - intPtr + 1 sbKey.Append(Mid(vstrKey, intIn, 1)) Next Dim strKey As String = sbKey.ToString Return sbKey.ToString End Function End Class -Sam Matzen 'Tony' wrote in message news:77.@microsof t.com. Is there a quick and easy way to encrypt and decrypt a string in vb.net.
Blowfish isnt included as a.NET class unfortunatly, there is a C# sample of almost all encryption algorithms although it requires a dll to use the TwoFish/Blowfish algorithms, the rest are within the.NET Framework. You can find the sample at An easier option, expecially if your not too familiar with C# is this implementation of 3DES for VB.NET, its a nice lil wrapper class and makes the encryption quite easy, theres full instructions on how to use the class on the page. If you have any problems getting them working just post and ill try and clear it up for you. Ok then you can use MD5 for that purpose, you store the MD5 hash of a users password in your sql database, and when the user enters their password to login, recalculate the hash and compare the two hashs. Your original question is slightly misleading in that you used the word decrypt, there is still no decryption, your comparing the encrypted end result of the password, there is no way of getting that password back to its plain ascii form, which means if a user loses their password, you need something in place to generate a new password for them.
A function that will generate a MD5Hash from a string you pass it is below, call in the following manner Dim Hash as string = GenerateHash(thisismypassw ord) Imports System.Text Imports System.Security.Cryptograp hy Private Function GenerateHash(ByVal SourceText As String) As String Dim Ue As New UnicodeEncoding Dim ByteSourceText As Byte = Ue.GetBytes(SourceTStext) Dim Md5 As New MD5CryptoServiceProvider Dim ByteHash As Byte = Md5.ComputeHash(ByteSource Text) Return Convert.ToBase64String(Byt eHash) End Function Regards, Jaz. Som note on MD5 decryption MD5 will allways create the same output for the same input. But the function is not reversable. If you really want to make your DB secure then you should add a 'prefix' to each password (=SALT) When you want to check the password then you retrieve the SALT first from the DB then you use the MD5 to calculate the hast of 'Salt & Password' If you dont do this and 2 users in your DB share one password, then finding one password via brute force would reveal all of the same password, since if 2 passwords are the same, they would also crate the same hash. For the SALT you can just generate a few random bytes and store them seperately for each user. The only 'Problem' with the MD5 aproach is that passwords are NOT recoverable This means you have to give the user a new password if he decides to misplace his only one.
I understand what your saying rd, but I cant get my head around how it would work, it's probably just me being ignorant and not thinking it through. Hypothetically If you take a hash of a password eg. PASSWORD you get NkASotsOLbvk+2ysYYPiMQ We add our prefix to the password, and hash it - it now becomes SALTPASSWORD or YS1NoCUSufTGZDz/JmKTQw If two users are using this password, both would still be brute forced, perhaps not from a dictionary as you can choose an odd prefix, but most incremental brute force programs could handle it.
Md5 Encrypt Decrypt
Likewise if we randomly generated characters, so user1 has SALTPASSWORD and user2 has TLASPASSWORD, when we goto verify this hash, we still have to know which characters we have appended (they have to be stored somewhere) so we can append it to the users password, before checking the hash. If we simply checked the users password (password) then it wont match the hash we have stored. Am i looking at this the wrong way, its an interesting concept i just cant see how to accurately compare a hashed password with a randomly generated prefix against the hash of the users standard password. Regards, Jaz. The reason far SALTing the passwords is this. Most pl prefer to use 'simple' passwords. Thats why brute force dictionary attacks succeed.
If you dont Salt the password the Hacker could check your DB and see that there are 100 users and 10 of them have the same hased password. This means most likely those users use a VERY common password or thats the 'default' password for creating new accounts. He only needs to succeed to bruteforce one of the 10 guys to get the password for all 10 users. Now if the Passwords are salted (a simple way would be hash the username, convert to base64 and append that to the password to be hashed, since usernames should be unique each user would have a different SALT) the hacker would look at your table and see 100 different hashes.
Even if he knows what logarthim is used to salt the passwords, he still has to brute force every one of those passwords. A common aproach is to generate an extra SALT for each record (randomly) and retrieve it from the DB before you hash the password. If you use the username aproach you save one trip to the DB since the salt for each password is known already.
Thanks for ur replies. Ur solution really helped me a lot.but i still stuck with the problem. I want to generate an encrypted password, first two random characters (the 'salt' - in the range a.z, A.Z) are added to the beginning of the clear-text password. This is then hashed using MD5 and the resulting hash is hex-encoded. The result of this is written as plain-text starting with the 2 salt characters followed by the hex-encoded hash. The example of the encrypted and hex-encoded password is cb644FB1F31184F8D3D169B54B3D46AB1A where cb is the salt.and others is the MD5 hashed data.
I tried to encrypt my password using md5 hash, encode it to hex and generate 2 random characters in front of this encrypted data.but this does not seem to work for me. So anyone who know the solution, please kindly post here.