Encryption  
Author Message
briggins5





PostPosted: Visual Basic Express Edition, Encryption Top

Hi,

I am making a simple (not very secure) chat program.

This is basically how it works:

The user signs in with a username and password. (Database already done)

The username is used as the senders name.

When the user sends a message the recipients name is carried with that message and stored in a remote sql database. (database already done)

When the message is in the database the recipient who has also signed in is able to see it. In other words a query to see if the name of the person the message is for matches the name of someone signed in.

I would like help with these portions of it and i would like to include encryption if possible.

I know this is a lot to ask but it would be helpfull to get information on this.




Visual Studio Express Editions8  
 
 
spotty





PostPosted: Visual Basic Express Edition, Encryption Top

There are encryption components which allow this to be done.

http://www.google.com/search hl=en&lr=&q=rot13+%2B+encryption+%2B+vb.net

So You'd need to check out one of these and if you know the algorithm then sure you could write your own implementation.

For the keypress in the textbox something like this will work

Private Sub TextBox1_KeyUp(ByVal sender As Object, ByVal e As System.Windows.Forms.KeyEventArgs) Handles TextBox1.KeyUp
If e.KeyCode = Keys.Enter Then
MsgBox("foo")
End If
End Sub


 
 
ahmedilyas





PostPosted: Visual Basic Express Edition, Encryption Top

you can create a hash (MD5) and use this to compare with your input hashed value. This is a one way hash meaning you can't decrypt the hash value and only computes the hash value.

you could also use RSA/Rijndael algorithms too

you can create a method which does this in some public class which you can expose the methods to do the job for you.

http://msdn2.microsoft.com/en-us/library/system.security.cryptography.md5.aspx

http://msdn2.microsoft.com/en-us/library/system.security.cryptography.rsa.aspx

http://msdn2.microsoft.com/en-us/library/system.security.cryptography.sha1cryptoserviceprovider.aspx

http://msdn2.microsoft.com/en-us/library/system.security.cryptography.rijndael(VS.80).aspx

really depends what type of algorithm you want. you can use MD5 - quick and easy and has the added advantage of not storing a password value but rather compute the hash value and just store that



 
 
ahmedilyas





PostPosted: Visual Basic Express Edition, Encryption Top

this will only work if your computer has NTFS filing system for the OS, not FAT32:

http://msdn2.microsoft.com/en-us/library/system.io.file.encrypt.aspx

Do you still get this error even if the OS is not FAT32 (Is NTFS). The OS also needs to be Windows NT or higher. Can you post the exact error message



 
 
Peter Ritchie





PostPosted: Visual Basic Express Edition, Encryption Top

The most secure method of storing secrets (e.g. passwords) is to not store them at all.

If all you only want to verify that a user has entered the correct password you can use a secure hash as a comparison.  When the user creates or changes their password, compute a hash from that password and only store the hash in the database.  When the user attempts to log in and they enter their password, compute a hash of that entry in the same way and compare that with the hash in the database.  If they are equal the user entered the correct password.  For example:

    HashAlgorithm hashAlgorithm = new SHA512Managed();

 

    byte[] hash = hashAlgorithm.ComputeHash(charArray);

    if(ArraysEqual(hash, storedHash)

    {

        // correct password!

    }

    else

    {

        // incorrect password!

    }

If you don't need the actual password anymore there's not much reason for encryption.

And, for posterity, the ArrayEquals method, courtesy of Jon Skeet:

    static bool ArraysEqual ( Array a1, Array a2 )

    {

        if (a1 == a2)

        {

            return true;

        }

 

        if (a1 == null || a2 == null)

        {

            return false;

        }

 

        if (a1.Length != a2.Length)

        {

            return false;

        }

 

        IList list1 = a1, list2 = a2;

 

        for (int i = 0; i < a1.Length; i++)

        {

            if (!Object.Equals(list1[ i ], list2[ i ]))

            {

                return false;

            }

        }

        return true;

    }



 
 
briggins5





PostPosted: Visual Basic Express Edition, Encryption Top

OK, thanks.

I was really wanting to encrypt the message as well as the password. I am not sure if the mehtod you suggested would work for the message.



 
 
MattDe_MS





PostPosted: Visual Basic Express Edition, Encryption Top

For question #1, here is a function with a demo:

Module Module1
Function Rot13(ByVal x As String) As String
Dim bld As New Text.StringBuilder(x.Length)

For Each ch As Char In x
Dim chi As Integer = AscW(ch)
Dim chXform As Char

Select Case ch
Case "a" To "m", "A" To "M"
chXform = ChrW(chi + 13)
Case "n" To "z", "N" To "Z"
chXform = ChrW(chi - 13)
Case Else
chXform = ch
End Select

bld.Append(chXform)
Next ch

Return bld.ToString()
End Function

Sub Main()
Console.WriteLine(Rot13("Abc 123 Foo Bar Zz Mm Nn Aa"))
Console.WriteLine(Rot13("Hello World"))
Console.ReadKey()
End Sub

End Module

To do base64, you would basically use the same strategy. Build the transformed string Character-by-Character as shown, and use ChrW in conjunction with AscW to convert the characters from/to numeric form. In order to Rot13 a text box, you should be able to do:

textBox.Text = Rot13(textBox.Text)


 
 
ShadowRayz





PostPosted: Visual Basic Express Edition, Encryption Top

Ya im Fat32 not ntfs

thx for that info

 
 
Peter Ritchie





PostPosted: Visual Basic Express Edition, Encryption Top

No, creating a hash is a one-way operation.  You can't get the original data from a hash, which is why it is so secure.

If you just want to encrypt data before sending it you can use classes like RijndaelManaged.  See RijndaelManaged documentation for an example of encrypting data and decrypting data.



 
 
ahmedilyas





PostPosted: Visual Basic Express Edition, Encryption Top

no worries. The reason it doesnt work for FAT32 is simple, because well, it's an old technology and not as secure as NTFS - this is what NTFS is good at, security and has all the features that FAT32 does not have therefore some functions in .NET may not work, such as this one in this case.

 
 
ecorel





PostPosted: Visual Basic Express Edition, Encryption Top

I also get this exception error... But I do have the NTFS file system.. Can't figure out whats wrong.. my path is 100% correct.

It says "A first chance exception of type 'System.IO.IOException' occurred in mscorlib.dll", and nothing more.

 
 
ahmedilyas





PostPosted: Visual Basic Express Edition, Encryption Top

it should give you an inner exception or a general exception message or stacktrace, post all of them here if you can

 
 
ecorel





PostPosted: Visual Basic Express Edition, Encryption Top

Here is the stracktrace.

at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.File.Encrypt(String path)
at PassManager.Form1..ctor() in C:\Documents and Settings\J\Mina dokument\Visual Studio 2005\Projects\PassManager\Form1.cs:line 22


 
 
ahmedilyas





PostPosted: Visual Basic Express Edition, Encryption Top

yeh its very hard to guess from that from that.

the IOException is thrown for many reasons, one of which could be the fact that the file is in use.



 
 
ecorel





PostPosted: Visual Basic Express Edition, Encryption Top

All error messages including two first lines of string outputs.. Example from msdn (http://msdn2.microsoft.com/en-us/library/30sf3kce.aspx)

File.Exists("c:\\data.txt"): True
Enceypt c:\data.txt
System.IO.IOException: Begaran stods inte.

at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.File.Encrypt(String path)
at ConsoleApplication1.Program.AddEncryption(String FileName) in C:\Documents
and Settings\J\Lokala installningar\Application Data\Temporary Projects\Con
soleApplication1\Program.cs:line 44
at ConsoleApplication1.Program.Main(String[] args) in C:\Documents and Settin
gs\J\Lokala installningar\Application Data\Temporary Projects\ConsoleApplica
tion1\Program.cs:line 19
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.File.Encrypt(String path)
at ConsoleApplication1.Program.AddEncryption(String FileName) in C:\Documents
and Settings\J\Lokala installningar\Application Data\Temporary Projects\Con
soleApplication1\Program.cs:line 44
at ConsoleApplication1.Program.Main(String[] args) in C:\Documents and Settin
gs\J\Lokala installningar\Application Data\Temporary Projects\ConsoleApplica
tion1\Program.cs:line 19
Void WinIOError(Int32, System.String)
mscorlib


 
 
ecorel





PostPosted: Visual Basic Express Edition, Encryption Top

OK, the problem is that I have XP-HE on the computer. If anyone is interested you will need XP-PE for this method..... great!