开发者

encryption and decryption class?

问答 作者:

Q:

I want to ask if there is a class for encrypting and decrypting a string , i search through the net ,, and i find some but they are less secure or have some problems in completing the process :

one of the classes i found before is :

public static string Encrypt(string text) {

        try
        {
            key = Encoding.UTF8.GetBytes(stringKey.Substring(0, 8));
            DESCryptoServiceProvider des = new DESCryptoServiceProvider();
            Byte[] byteArray = Encoding.UTF8.GetBytes(text);
            MemoryStream memoryStream = new MemoryStream();
            CryptoStream cryptoStream = new CryptoStream(memoryStream,des.CreateEncryptor(key, IV), CryptoStreamMode.Write);
      开发者_运维百科      cryptoStream.Write(byteArray, 0, byteArray.Length);
            cryptoStream.FlushFinalBlock();
            return Convert.ToBase64String(memoryStream.ToArray());
        }

        catch (Exception ex)
        {
          string message =  ex.Message;
        }

        return string.Empty;
    }



    public static string Decrypt(string text)
    {
        try
        {
            key = Encoding.UTF8.GetBytes(stringKey.Substring(0, 8));
            DESCryptoServiceProvider des = new DESCryptoServiceProvider();

            Byte[] byteArray = Convert.FromBase64String(text);
            MemoryStream memoryStream = new MemoryStream();
            CryptoStream cryptoStream = new CryptoStream(memoryStream,
            des.CreateDecryptor(key, IV), CryptoStreamMode.Write);
            cryptoStream.Write(byteArray, 0, byteArray.Length);
            cryptoStream.FlushFinalBlock();
            return Encoding.UTF8.GetString(memoryStream.ToArray());
        }

        catch (Exception ex)
        {
            string message = ex.Message;


        }`

some of comments about this class is:

  • Encoding.UTF8.GetBytes is a very bad and unsafe way to get a Key from a password.

  • http://www.codinghorror.com/blog/2010/12/the-dirty-truth-about-web-passwords.html

  • other problems

i search about a class to accomplish the encryption and decryption without those problems,,if there are any modification or enhancement to this class to avoid those problems and make it more secure ,it will be great.

if there are other classes which are tested and used for long time to make sure of its stability ,it will be great..

That code is nowhere good enough for passwords.

Let me quote Jeff's words from the Coding Horror article you linked to:

You should never, ever store user passwords. If you do, you're storing passwords incorrectly. Always store the salted hash of the password -- never the password itself! It's so easy, even members of Mensa er .. can't .. figure it out.

Passwords should not be stored in a way that they can be retrieved. It does not matter if you encrypt it. Encryption is a two-way process. You must do some one-way transformation that you cannot recover the original password from it. Like Jeff suggests, use hashing with salt. In order to verify passwords, you apply the same one-way process to the input and compare with the value you stored. You never recover the stored password to compare with the input.

You could have a look at the System.Security.Cryptography namespace, the .NET framework offers plenty of options.

http://msdn.microsoft.com/en-us/library/system.security.cryptography.aspx

继续阅读:asp.netdecodingencryptionsecurity

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9