Geek Answers Handbook

C # how to check if value is encrypted using MD5 passphrase?

I have the following code to encrypt a value (see below). Now I would like to write the bool isEncrypted () method. Is there any proof of a fool and a reliable way to check if a value has been encrypted using this function. I have a decryption procedure and you can manage the phrase, but are not sure if this will help.

The reason is that the first time the application is launched, the values ​​in the configuration file are not encrypted; in this case, the application should automatically encrypt these values. On the second launch, I do not want to encrypt again, because it is obvious that this can lead to chaos. Finally, I do not want to add the isEncrypted attribute to the configuration value. I want it to work and look as dynamic as possible.

So far, I am inclined to use len (128) as a decisive factor, but there is always a remote possibility that an unencrypted value will also be this length.

Thanks in advance.

public static string encrypt(string text) { // Locals var passphrase = "5ab394ed-3920-4932-8d70-9c1b08f4ba4e"; byte[] results; var utf8 = new UTF8Encoding(); // Step 1. We hash the passphrase using MD5 // We use the MD5 hash generator as the result is a 128 bit byte array // which is a valid length for the TripleDES encoder we use below var hashProvider = new MD5CryptoServiceProvider(); var tdesKey = hashProvider.ComputeHash(utf8.GetBytes(passphrase)); // Step 2. Create a new TripleDESCryptoServiceProvider object // Step 3. Setup the encoder var tdesAlgorithm = new TripleDESCryptoServiceProvider { Key = tdesKey, Mode = CipherMode.ECB, Padding = PaddingMode.PKCS7 }; // Step 4. Convert the input string to a byte[] var dataToEncrypt = utf8.GetBytes(text); // Step 5. Attempt to encrypt the string try { var encryptor = tdesAlgorithm.CreateEncryptor(); results = encryptor.TransformFinalBlock(dataToEncrypt, 0, dataToEncrypt.Length); } finally { // Clear the TripleDes and Hashprovider services of any sensitive information tdesAlgorithm.Clear(); hashProvider.Clear(); } // Step 6. Return the encrypted string as a base64 encoded string return Convert.ToBase64String(results); }
+4
source share
3 answers

What you can do in the isEncrypted method is try to decrypt the message.
Since you are using the PKCS7 add-on, most likely, the unencrypted message will not be decrypted, because the filling does not correspond to the established filling mode.

Decryption will throw an exception, and you will have to catch this and return false in this case.

It is likely that decryption will take place (when the message is not encrypted) if the data matches the fill mode. However, this is unlikely.

In this case, I would like to add some flag to the encrypted data or add some data to the encrypted message, since I can delete it in the decryption. That would be the most reliable way.

+3
source

Firstly, as a serious problem, it is extremely difficult to use cryptographic primitives on your own. You decided to use the electronic codebook encryption mode, which has the property that the same blocks of plaintext create the same blocks of cyphertext. See an example on Wikipedia .

However, a simple solution is to add a token, such as 'ENC:' , to the encrypted password. If you need to worry about malicious interference with the configuration file, you should move on to using message authentication code such as HMAC.

+4
source

Since your function returns a string, there is no reason why you cannot add plaintext code to the beginning of the encrypted data that the IsEncrypted function can look for, for example "MD5ENC" + [encrypted text].

The disadvantage of this is that it will allow anyone with an unprocessed string to know which algorithm was used for encryption. But as we continue to recall security through obscurity, it is not security. Anyone should be allowed to know how something was encrypted and has no easy way to break this encryption.

Please note that my use of the word is due .

In any case, to return to my original proposal. The advantage of this is that the longer your input code is in a string, the more the vanishingly tiny chance of it being created accidentally in another unrelated encrypted Base64 will become.

If the encrypted text needs to be decrypted, just clear your standard length encryption identifier code and release ...

+2
source

More articles:


All Articles