I want to get text inputted by the user into the maskedTextBox and then encode it into byte[] which will be hashed into SHA256 to compare with password hashes stored at my database. The problem is that I've only found .GetCharFromPosition(Point pt) which I don't know how to use (I would know if it would be a simple index in place of this "Point") and .GetHashCode but it needs to be SHA256, not some undefined hash...
You can get the bytes of a string in a certain encoding using Encoding.GetBytes. For example, to get it as an array of bytes as UTF-8:
System.Text.Encoding.UTF8.GetBytes(yourTextBox.Text)
Related
I need to create the same results when using Crypt::Encrypt('secret') from Laravel, in C#.
I found this thread Rijndael 256 Encrypt/decrypt between c# and php?
and it seemed to be what I need, but I'm having some trouble with the third argument the, initialization vector :(.
Laravel using Rijndael AES to encrypt the data. All the user has to input is a secret key, in the config folder, that is totally random and 32 characters long.
The encyrption method looks like this:
public function encrypt($value)
{
$iv = mcrypt_create_iv($this->getIvSize(), $this->getRandomizer());
$value = base64_encode($this->padAndMcrypt($value, $iv));
// Once we have the encrypted value we will go ahead base64_encode the input
// vector and create the MAC for the encrypted value so we can verify its
// authenticity. Then, we'll JSON encode the data in a "payload" array.
$mac = $this->hash($iv = base64_encode($iv), $value);
return base64_encode(json_encode(compact('iv', 'value', 'mac')));
}
The full Encryptor.php can be found here: http://pastebin.com/yfWLPxGn
Any idea as to what I would have to input to get the same results? :)
Initialization vector is an input that is typically random. So, algorithm always creates a different value using the same input, key and the different IV. If you'd like to generate same result using both PHP and C# code, you need to use the same IV value.
Laravel's encrypt() does not return the encrypted value only. The value encrypt() generates a base64 encoded string which has json encoded values of iv, mac and encrypted value.
So the steps you need to apply in your C# encode() method:
Encode the string using the code in the link you gave.
base64_encode() the encrypted value. We will use this value in the further steps.
Create MAC (Message Authentication Code) using base64_encoded IV as the value, encrypted value as the key and sha256 as the algorithm. Take a look at this one
Now we have encrypted value, mac and iv.
Create a json string like this:
{
iv: iv value (base64 encoded),
value: encrypted value (base64 encoded),
mac: mac value created in 3rd step
}
base64 encode your this json string.
You're all set.
You would want to not apply padding and not apply any specific mode of operation. There is a pseudo-mode called ECB which basically applies the bare cipher over many blocks and applies no padding. It requires full blocks to be used.
If you don't have a full block to encrypt, you need to figure out what padding mode is used.
If that doesn't work, then you need to figure out what mode and what initialization vector is used. An initialization vector is usually prepended to a message as a unique value that varies per message, as a way to prevent some mathematical attacks on bare ciphers applied over many blocks.
I have an Excel workbook currently acting as a booking diary. It has users/passwords stored in a database, the passwords are hashed using SHA1 (with no salt at the moment to make this easier)
When I store a user with password password I get the following hash in the database:
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
This is backed up by trying the string here and here, both give the same result as my VBA SHA1 function
So now I want to move this application into C# (probably and ASP.NET web app eventually), so I'm using the following to generate the SHA1 hash:
// Convert plain text into a byte array
byte[] plainTextBytes = Encoding.Default.GetBytes("password");
// Define hash object
HashAlgorithm hash = new SHA1Managed();
// Compute hash value of our plain text
byte[] hashBytes = hash.ComputeHash(plainTextBytes);
// Convert result into a base64-encoded string
string hashValue = Convert.ToBase64String(hashBytes);
Console.WriteLine(hashValue);
but this outputs
W6ph5Mm5Pz8GgiULbPgzG37mj9g=
I must have done some small thing wrong, but I can't work out what it is :(. I have tried the different encoding types (UTF8, ASCII, Unicode) but none produce the correct hash
Can someone shed some light on this for me please?
You converted the string to base64, although it seems you want hex. Convert to hex instead.
You should convert hashBytes into HexString, not Base64.
string hashValue = Convert.ToBase64String(hashBytes);
That's the problem statement, the result string you quoted was not base64 encoded, it was encoded in hex. You get the value you are looking for with:
string hashValue = BitConverter.ToString(hashBytes).Replace("-", "").ToLower();
Which produces:
"5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"
I am trying to do AES Encryption in my windows phone8 app.
I searched a lot, but couldn't get a clear view to do so.
Can anybody give me link that gives the clear example of implementing AES Encryption ni WP8 App.
What i need to do is,
1)I need to pass key, initial vector, and value as strings.
2)need to encrypt that string in any format of AES Encryption, and finally need to get the encrypted value as string.
Can anybody help me.
am using this example and using UTF8 encoding for key, and Iv
myAes.Key = Encoding.UTF8.GetBytes("terr!f!cp#ssw0rdw!thonetw!st!n!t");
myAes.IV = Encoding.UTF8.GetBytes("1234567890987654");
and after encoding to convert the bytes of encrypted value to string am using ToBase64 convertion
afterText.Text = Convert.ToBase64String(encrypted);
here i need to tell my back end team, what the exact encryption am using here, am not sure about what is happening here, Can you please tell me whats that exact encryption happening here.
Thank you.
The CryptographicBuffer Class is your friend:
Use Hex or Base64 encoding for binary values you want to represent as strings. This includes Key, IV and ciphertext
Use UTF-8 for text you want to turn to bytes.
I'm trying to write a basic hashing function accepts an input string and a salt string. Both of those strings then need to be converted to byte arrays, combined then the hash is generated.
I've dug around the Microsoft Membership for inspiration and see that they do it this way:
byte[] bytes = Encoding.Unicode.GetBytes(input);
byte[] array = Convert.FromBase64String(salt);
So what I want to ask is:
Is unicode the best encoding to use when converting the input string to a byte array? What about UTF-8?
Is a Base64String the best format to use for the salt value? If I limit to a Base64 string then essentially I always have to use a hash as a salt, is this the recommended way?
In my previous question I was told to hash passwords instead of encrypt, and that turned out to be correct. Problem is, I've never dealt with hashing passwords before and all the docs say SHA512 which I've tried to use on a test account to no avail. I'm not sure where to go from here. The code comments give me the example "encrypted" string as they call it, and it's "FA35A0194E3BE7024CEFB1839CBFC922" which I'm not sure how to format it like that with SHA512 since all it takes and gives back is a byte array or stream from the ComputeHash() method:
byte[] hashedPassword = HashAlgorithm.Create("SHA512").ComputeHash( ??? );
UPDATE
I've tried printing out the UTF8Encoding.GetString on the bytes, but it just displays a bunch of bullshit characters that look nothing like the one in the example docs.
Hashing with plain SHA-512 is still wrong. Use PBKDF2 which is exposed via Rfc2898DeriveBytes.
It returns raw bytes, which you should encode with either hex or base64.
You can do hex encoding with:
BitConverter.ToString(bytes).Replace("-","")
You sure it said 512 because that's 128, but anyway you could use something like
System.String Hashed = System.BitConverter.ToString(((System.Security.Cryptography.SHA512)new System.Security.Cryptography.SHA512Managed()).ComputeHash(System.Text.Encoding.ASCII.GetBytes("NotHashedPass"))).Replace("-","");
MessageBox.Show(Hashed);
but id recommend at least using a salt.
Please see tutorial here:
http://www.obviex.com/samples/hash.aspx
From the tutorial:
"These code samples demonstrate how to hash data and verify hashes. It supports several hashing algorithms. To help reduce the risk of dictionary attacks, the code prepends random bytes (so-called salt) to the original plain text before generating hashes and appends them to the generated ciphertext (original salt value will be needed for hash verification). The resulting ciphertext is base64-encoded. IMPORTANT: DATA HASHES CANNOT BE DECRYPTED BACK TO PLAIN TEXT"