Results 1 to 2 of 2

Thread: password encrypting and decryption error

  1. #1

    Thread Starter
    Junior Member
    Join Date
    Nov 2017

    password encrypting and decryption error

    Am using vb codes i copied from somewhere to create password encrypting and decryption for a login form. i get into this error "In valid length for base-64 char array or string" when i run the project

     Public Function Encrypt(password As String) As String
            Dim strmsg As String = String.Empty
            Dim encode As Byte() = New Byte(password.Length - 1) {}
            encode = Encoding.UTF8.GetBytes(password)
            strmsg = Convert.ToBase64String(encode)
            Return strmsg
        End Function
        Public Function Decrypt(encryptpwd As String) As String
            Dim decryptpwd As String = String.Empty
            Dim encodepwd As New UTF8Encoding()
            Dim Decode As Decoder = encodepwd.GetDecoder()
            Dim todecode_byte As Byte() = Convert.FromBase64String(encryptpwd)
            Dim charCount As Integer = Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length)
            Dim decoded_char As Char() = New Char(charCount - 1) {}
            Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0)
            decryptpwd = New [String](decoded_char)
            Return decryptpwd
        End Function

  2. #2
    .NUT jmcilhinney's Avatar
    Join Date
    May 2005
    Sydney, Australia

    Re: password encrypting and decryption error

    Firstly, there's no encryption going on there. Secondly, if the error message is telling you that the data you're passing in is invalid then that probably means that the data you're passing in is invalid. As you haven't shown us how you get that data, we can't tell you why it's invalid.

    That code is rather pointless from a security perspective because all it's doing is converting your password to base-64, which anyone can reverse without having to know any secret at all. Even proper encryption isn't the best option for passwords because someone could still decrypt a password if they got their hands on the required secret.

    Password security is usually achieved using hashing, which is like encryption but is only one-way. That means that, even if someone gets hold of your database, they still can't use the password data to regenerate the original passwords other than by brute force. When a user registers, you hash their password and store the result. When the user logs in, you hash the password they provide and compare the result to the value stored in the database. If they match, the user is authenticated.

    Passwords are usually salted as well as hashed. That means using some random data along with the password to produce a final hash. That means that two identical passwords will still produce different hashes, making things that much harder for attackers.

    There's lots of information around the web, including on this site, about salting and hashing, if you actually care about the security of your passwords (which may not be the case if this is purely academic) then you should look into it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts


Click Here to Expand Forum to Full Width