This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How do I encrypt a string and get a equal length encrypted string?
I am new to Encryption and Decryption. I have a string which is 24 char length. I need to encrypt and decrypt the word. The encryption may be less secure but I need encrypted word should be same length as input string (24 char). I have searched through web and find some sample Encryption algorithm (AES, MD5). But the encrypted word is too length than input string. This is product key that we will share to customer, so strong encryption is not required. It would be useful if you share sample codes.
Use Vernam cipher. For a single string with a truly-randomly generated key it's theoretically unbreakable. If you start using the same key for multiple strings you reduce its security significantly but apparently you are not looking for utmost security. If you are, you must be able to come up with a different random key for each encrypted password.
Although you can find lots of sample code on the web, I think it would be good practice to you to implement it yourself. It's pretty straightforward.
What you're looking for seems to be Format-preserving encryption, I don't think there are any implementations of this in .NET (I certainly haven't used any). You may need to think up a custom algorithm for this. You say strong encryption isn't required, but you'll obviously need the algorithm to not be obvious. Unfortunately there are literally hundreds of ways you could do this, so it depends on which one suits you.
This seems to be a great post for encryption algorithms
To make the cyphertext the same length as the plaintext, use a stream cypher. This can either be a block cypher in CTR mode, such as AES-CTR, or a dedicated stream cypher, like Rabbit or RC4.
Be aware that you cannot reuse a key for a stream cypher, otherwise an attacker will probably be able to break the encryption. Two cyphertexts that use the same key can be used to eliminate the key entirely, leaving just the two plaintexts.
If you only have the one 24 byte word to encrypt then this is not a problem. If you need to encrypt more than one piece of data, then key management becomes important.
Related
I want to encrypt/decrypt (or shuffle/un-shuffle) a string without any dependencies on specialized .NET encryption namespaces or use of salt, keys, etc. Literally shuffling everything in the string beyond recognition and then un-shuffling when it's needed.
This is meant for a "no" security situation where even if the user manages to get a hold of the file where the encrypted string is held and figure out the encryption scheme, they don't gain anything meaningful for this specific application.
What is the easiest, most straightforward way of doing this other than shuffling a character array using a pre-defined RNG seed?
XOR every byte in the string with (length of the string modulus 256). If Mod returns 0, use some other known and fixed non-zero value.
I state this answer at the risk of security gurus coming back and saying.. bad answer.. don't do that.. leave it for us (security experts) etc etc.. But you already indicated what you really want is some form of obscurity, and not encryption or security.
Note - I do agree that this is no security by modern standards. Period.
I am writing a .net application and want to use a supper strong encryption key by using the unicode characters to make it hard for the hackers to hack the code. The encryption key would be any characters from the http://www.unicode.org.
For example my encryption key could லูᇉޒۻڃxxxxxxxxxxxx + couple hundred characters which is very difficult for the computer to predict my code. I think the unicode has more than 95,000 characters.
I am wondering if there is any data corruption because of these complex characters. Of course I have to check the decrypt data to make sure the code can decrypt before I save the information to the database. I have tested my code for more than 10 millions times to see how reliable and it run pretty good.
Any thoughts guys?
Encryption is very very difficult to do. More likely than not, your approach will be very insecure.
The strength of an algorithm is more than just a key size. I'd wager that DES with a 56-bit key is more "secure" than probably any home made cipher.
The AES process was a multiple year effort of every cryptographer in the world, multiple government agencies, support from Microsoft, RSA (among others), various open source projects, and millions of dollars. Even after all that, we still find new attacks against AES.
What are your requirements? You should use established protocols and algorims. If you say what your trying to do, we can give better advice.
For a game I am currently making I am in need of encrypting a variable length string (this could be a short as 10 characters or a full XML document) in C# and then sending this to a PHP script which decrypts and processes the information. I am unfortunately completely in the dark when it comes to cryptography and am having trouble finding something that can suite my needs in this case. Is there a library which can do this kind of variable length encryption across multiple platforms such as this?
AES, sometimes called Rijndael, might be a choice for you. It's a standard created by the National Institute of Standards and Technology, an agency of the US government.
It's available in PHP using the mcrypt extension, and there seems to be a managed library built in to the .Net framework. See this previous SO question for more on C#'s implementation. I know little about C# and .Net, but the answer there has 23 votes, so is likely to be on to something. (Edit: #Fun Mun Pieng's answer contains a reference to AES itself, and might be more up to date or otherwise useful than the post I linked.)
AES is a block cypher, meaning that it operates best on lengths of text of a specific set of lengths. There are multiple operation modes and padding schemes that you'll want to read up on and select. If you use the same operation mode and padding on both sides, you should have perfect interoperability.
Keep in mind that AES is a symmetric cypher. This means that the same key is used to both encrypt and decrypt. It might not be the best choice for you. If your users gain access to the key, the encryption becomes worthless.
Public-key cryptography might be a better choice for you. It uses two keys instead of one. Data encrypted using the public key can only be decrypted by the private key. This means that you don't need to worry too much about the public key falling into the wrong hands, as no data can actually be decrypted about it. It may allow troublesome users to still craft legit-looking messages, though.
PHP's best option for public-key cryptography is the standard OpenSSL extension, which uses the industry standard RSA system. A quick look at Google suggests that there's also native .Net support for RSA as well. Like AES, you may need to worry about modes of operation or padding, but again you should get complete interoperation by using the same methodology on both sides. The one possible annoyance will be initial key creation, and how each side wants to store private and public keys.
For the C# part, you could use the System.Security.Cryptography namespace. Eg:
System.Security.Cryptography.Aes aes = System.Security.Cryptography.Aes.Create();
System.Security.Cryptography.ICryptoTransform enc = aes.CreateEncryptor();
// byte[] input;
// byte[] output = new output[512]
int size = enc.TransformBlock(input, 0, input.Length, output, 0);
I have no idea how to do it for the PHP end, but I'm sure you can find a way to decrypt from standard algorithms such as DES, AES, RSA. And remember to pass the key.
For your case, I guess asymmetric encryption is more suitable.
i want to encrypt string in java and decrypt the same string in C# and vice versa .how to do it .and which is best encryption method
Thanks
aswan
You need to go with a standard encryption method. The algorithm used will be secure, the result will be portable and there are libraries for many platforms. 3-DES or AES would be good choices.
The word "best" is different things to different people, and strongly influence the choices available to you.
If speed is extremely important to you, then just add one to every character value, send it, and subtract one again. In other words send "ABC" as "BCD".
AES is supported in the .NET framework in the Rijndael class, you can find the documentation on MSDN http://msdn.microsoft.com/en-us/library/system.security.cryptography.rijndael.aspx. When encrypting a string you will want to make sure that the way you choose your key is a secure method, and make sure it is stored in a secure place as well. In any encryption scheme the weakest link is the key.
I've been looking for a way to hash a given string in C# that uses a predetermined key.
On my adventures through the internet trying to find an example i have seen lots of MD5CryptoServiceProvider examples which seem to use a default key for the machine, but none of them that apply a specific key. I need to have a specific key to encode data as to synchronize it to someone else's server. I hand them a hashed string and an ID number and they use that analyze the data and return a similar set to me. So is there anyway to get md5 to hash via a specific key that would be consistent to both.
I would prefer this to be done in C#, but if its not possible with the libraries can you do so with some web languages like php or asp?
Edit: Misunderstood the scenario I was thrown into and after a little sitting and thinking about why they would have me use a key it appears they want a key appended to the end of the string and hashed. That way the server can appended the key it has along with the data passed to ensure its a valid accessing computer. Anyways... thanks all ^_^
Edit2: As my comment below says, it was the term 'salting' I was oblivious to. Oh the joys of getting thrown into something new with no directions.
MD5 is not encryption - it's a hash. It doesn't allow a string to be decrypted.
You're looking for a symmetric encryption algorithm. It uses the same key to encrypt and decrypt. Trying to use encryption functions without understanding them is dangerous. Even if you think you understand them, you can make a mistake.
If you're transferring data to another person's server, you may be better off using something like gpg to encrypt the file using a symmetric key you both agree on over the phone, or perhaps some public-key crypto. This way, you don't write any crypto code, and it's safer (not completely secure, mind you, but safer).
Edit: I'm still trying to decipher your requirements.
MD5 is an unkeyed hash function - there is not key in use at all. So let's say the server sends you a giant string, or a file, and a hash of it. You would then MD5 the string or file, and compare the hash you computed with the hash they sent. If they match - the data was not corrupted in transit. That doesn't mean no one tampered with what they sent you in transit, because MD5 has no "secret sauce" to it. I can md5 anything I want and send it to you.
A HMAC is a keyed hash function. It has a secret ingredient that only you and the group you're communicating with should know - the secret key. If they send you a long string or file, and a HMAC, you can compute the HMAC yourself, compare your HMAC and theirs, and if they match, the data was not corrupted in transit, nor was the data tampered with.
MD5 is a hash function and, strictly speaking, is not used to "encrypt" a string. It produces a 128-bit "Message Digest" (hence the MD in the name) that is used as a kind of fingerprint for the input string.
Tom's right: MD5 is just a one-way hash, you can't decrypt it. Try these links:
Symmetric Key Encryption in C#
Public-Key RSA Encryption in C#
You can use AES from C# to do the type of encryption you are looking for. Here's an article on how.
You should use one of the classes inherited from SymmetricAlgorithm, for instance :
AesCryptoServiceProvider
DESCryptoServiceProvider
RC2CryptoServiceProvider
TripleDESCryptoServiceProvider
So, why does the following test fail if both input strings are identical?
[TestMethod]
public void MD5HashTest()
{
var hash1 = (new MD5CryptoServiceProvider()).ComputeHash(new System.Text.ASCIIEncoding().GetBytes("now is the time for all good men."));
var hash2 = (new MD5CryptoServiceProvider()).ComputeHash(new System.Text.ASCIIEncoding().GetBytes("now is the time for all good men."));
Assert.AreEqual(hash1, hash2);
}