Hey all

I'm looking for a nice simple password encryption algorithm. I'm not looking for anything amazingly military type secure, but If I could do something irreversible, I'd be happy. I've looked at a couple of google searches, but found nothing particularly interesting. Any help would be greatly appreciated.

Thanks
M

Please do not roll your own encryption code. It's fine for a homework exercise but anyone who uses that kind of thing in a real application needs to be shot. ;) At the very least, if you do not care about how strong the encryption is, use the libraries offered by the the framework:

using System;
using System.IO;
using System.Text;
using System.Security.Cryptography;

namespace Daniweb {
    public sealed class Encryption
    {
        // use an 8 byte key for DES encryption
        private static byte[] _key = new byte[]
        { 
            0xBA, 0x87, 0x09, 0xDC, 0xFE, 0x65, 0x43, 0x21 
        };

        private static byte[] _IV = new byte[]
        { 
            0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF 
        };

        private Encryption() {}

        public static string Decrypt(string data)
        {
            byte[] input = Convert.FromBase64String(data);
            DESCryptoServiceProvider des = new DESCryptoServiceProvider();
            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(
                ms,
                des.CreateDecryptor(Encryption._key, Encryption._IV),
                CryptoStreamMode.Write);

            cs.Write(input, 0, input.Length);
            cs.FlushFinalBlock();

            return Encoding.UTF8.GetString(ms.ToArray());
        }

        public static string Encrypt(string data)
        {
            DESCryptoServiceProvider des = new DESCryptoServiceProvider();

            // convert input to byte array
            byte[] input = Encoding.UTF8.GetBytes(data);

            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(
                ms,
                des.CreateEncryptor(Encryption._key, Encryption._IV),
                CryptoStreamMode.Write );

            cs.Write(input, 0, input.Length);
            cs.FlushFinalBlock();

            return Convert.ToBase64String(ms.ToArray());
        }
    }
}

anyone who uses that kind of thing in a real application needs to be shot.

I did!:) But it was some 20 years ago...
I agree with you Tom Gunn, the methods of .NET should be used instead. But you will probably agree with me there are plenty of companies out there who still store their sensitive info in just plain text format.

But you will probably agree with me there are plenty of companies out there who still store their sensitive info in just plain text format.

Sure, but that is no excuse for writing insecure code. :) There are also plenty of stories about companies being fined, sued, and burned big time for having sensitive info stolen. I do not want to be the programmer that caused that. ;)

Thanks for all the advice guys :-)

This application will never hit the market, since it's only a project for university. But since it does count 60% of our year mark, I suppose I should treat like a full commercial application. I'll take a look at the .NET libraries... a friend of mine had a problem that encrypting the same string twice gave different results so I was trying to avoid it. ANy idea why something like that might happen?

Thanks again :-)
M

a friend of mine had a problem that encrypting the same string twice gave different results so I was trying to avoid it.

How did your friend do the encryption? Handmade encryption code can do all kind of funny things. The code I gave can handle encrypting multiple times as long as you decrypt the same number of times.

You could try doing a simple MD5 encryption and take the resulting bytes and encrypt them again with SHA ;p

Well thanks to the link that ddanbe left, I've gone with XOR encryption. I know it's incredibly symplistic, but I am really looking for the simplest option. But thanks for all the advice :-)

I suppose I should treat like a full commercial application.

I've gone with XOR encryption.

I just died a little on the inside. :(

I have to admit .. there are cases where I use handmade encryption (xor). Its not always a bad idea...

Let us instead give congrats to danny for providing the solution :)

Comments
Your too kind for this world...

Tom!

I did not mean to kill you inside... But I'm looking for the quickest option... Plus I do pad it with a little gibberish to make the length harder to find... Works pretty well actually.

M

This article has been dead for over six months. Start a new discussion instead.