Problem with decryption

Showjumper

I have solved my previous decryption problem wherein I was getting a
specified cast is not valid msg.
My new problem is this: The password is not being decrypted. I am using
Rijndael. The code is from Pro ASP.NET 1.1. The string being returned looks
like 3B746F54E9D44721D6CE1337498FDB823B746F54E9D44721D6CE1337498FDB82
Thanks for any help Ashok

In my db access code:
If dr.Read() Then
    encryptedData = CType(dr("Password"), Byte())
End If
Return s.DecryptToString(encryptedData, CType(HttpContext.Current.Application("Key"), Rijndael))

The decryption function

Public Shared Function DecryptToString(ByVal dataToDecrypt As Byte(), ByVal crypt As SymmetricAlgorithm) As String
    ' Decrypt the ciphertext into an in-memory stream
    Dim ms As MemoryStream = New MemoryStream
    Dim cs As CryptoStream = New CryptoStream(ms, crypt.CreateDecryptor(), CryptoStreamMode.Write)
    cs.Write(dataToDecrypt, 0, dataToDecrypt.Length)
    cs.FlushFinalBlock()
    ' ReadString expects the length-prefixed format written by BinaryWriter.Write(String)
    Dim r As BinaryReader = New BinaryReader(ms)
    ms.Position = 0
    Dim decryptedData As String = r.ReadString()
    r.Close()
    Return decryptedData
End Function
 
Guest

Are you sure it's the actual password being stored in the Database? Usually
what is stored is, for example, an MD5 hash of the password. The idea is, you
take an MD5 hash of the password supplied by the user during authentication
and compare it against the hash stored in the database.
Peter
 
Showjump

I should just be able to reverse it and decrypt the alphanumeric string
back to the original password, right? The objective is to be able to
email a user his password.
 
Guest

Showjumper,
No, this is not normally the case. A cryptographic hash is a unique result of
an operation on an object. If you repeat the hash operation on an identical
object, you can get what should be an identical hash.

The hash itself is NOT decryptable back to the original string. What most
systems do is email you a new Temporary password, and allow you to come back
in and change it if you wish. This is the most secure arrangement.
Peter
 
S

Showjumper

The example in Pro ASP.NET 1.1 talks about encrypting credit card #s then
storing it and decrypting it back to the original string. So I used that as
a basis for the passwords.
Ashok
 
