Thread: password encrypting and decryption error

  1. #1

    Thread Starter
    Junior Member
    Join Date
    Nov 2017
    Posts
    25

    password encrypting and decryption error

    I am using VB code I copied from somewhere to create password encrypting and decryption for a login form. I get this error, "Invalid length for base-64 char array or string", when I run the project.

    Code:
    ' Required at the top of the file for Encoding, UTF8Encoding and Decoder.
    Imports System.Text

    ' Converts the password's UTF-8 bytes to a Base64 string.
    Public Function Encrypt(password As String) As String
        Dim strmsg As String = String.Empty
        Dim encode As Byte() = Encoding.UTF8.GetBytes(password)
        strmsg = Convert.ToBase64String(encode)
        Return strmsg
    End Function

    ' Converts a Base64 string back to the original text.
    ' Convert.FromBase64String throws FormatException if the input is not valid Base64.
    Public Function Decrypt(encryptpwd As String) As String
        Dim decryptpwd As String = String.Empty
        Dim encodepwd As New UTF8Encoding()
        Dim Decode As Decoder = encodepwd.GetDecoder()
        Dim todecode_byte As Byte() = Convert.FromBase64String(encryptpwd)
        Dim charCount As Integer = Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length)
        Dim decoded_char As Char() = New Char(charCount - 1) {}
        Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0)
        decryptpwd = New [String](decoded_char)
        Return decryptpwd
    End Function

  2. #2
    Super Moderator jmcilhinney
    Join Date
    May 2005
    Location
    Sydney, Australia
    Posts
    110,344

    Re: password encrypting and decryption error

    Firstly, there's no encryption going on there. Secondly, if the error message is telling you that the data you're passing in is invalid then that probably means that the data you're passing in is invalid. As you haven't shown us how you get that data, we can't tell you why it's invalid.

    That code is rather pointless from a security perspective because all it's doing is converting your password to base-64, which anyone can reverse without having to know any secret at all. Even proper encryption isn't the best option for passwords because someone could still decrypt a password if they got their hands on the required secret.

    Password security is usually achieved using hashing, which is like encryption but is only one-way. That means that, even if someone gets hold of your database, they still can't use the password data to regenerate the original passwords other than by brute force. When a user registers, you hash their password and store the result. When the user logs in, you hash the password they provide and compare the result to the value stored in the database. If they match, the user is authenticated.

    Passwords are usually salted as well as hashed. That means using some random data along with the password to produce a final hash. That means that two identical passwords will still produce different hashes, making things that much harder for attackers.

    There's lots of information around the web, including on this site, about salting and hashing. If you actually care about the security of your passwords (which may not be the case if this is purely academic) then you should look into it.
