Hello,
I have a TCP/IP client-server application.
Before the client starts getting data from the server, it sends its password and user name; the server then checks the password against the user name, and if they match the server database the server starts sending data, otherwise the server refuses the connection.
The problem is that I need a way to encrypt the message containing the password sent to the server.
What is the best way to achieve this goal?
I searched the internet (private key encryption, public key encryption), but I have some points:
1. With a private key, the problem is where the client will save the private key. And what if I want to change the private key?
2. What if someone sniffs the data, gets the part of the encrypted message containing the encrypted password, and sends it again to the server from their own program?
Posted
Updated 20-Mar-17 18:46pm

hazem12 wrote:
1. With a private key, the problem is where the client will save the private key. And what if I want to change the private key?

Can't you embed it into the executable? Is there a compelling reason to change it?

hazem12 wrote:
2. What if someone sniffs the data, gets the part of the encrypted message containing the encrypted password, and sends it again to the server from their own program?

You may encrypt some timestamp (or counter) info together with the password.
:)
 
hazem12 wrote:
1. With a private key, the problem is where the client will save the private key. And what if I want to change the private key?
Can't you embed it into the executable? Is there a compelling reason to change it?


Ultimately you need to embed the key somewhere; if you store it externally to the program (e.g. in XML) you open up the key for abuse. Don't name the property Key or a recognisable name, and some methods for declaring the key are better than others. You'll need to do some research on this.


hazem12 wrote:
2. What if someone sniffs the data, gets the part of the encrypted message containing the encrypted password, and sends it again to the server from their own program?


This is a problem. The sniffed message can be resent, but the method in the OP will prevent the password from being re-used. You could only accept messages that are less than n seconds old, which would give some protection, but relies on the server and client clocks being relatively in sync.

You could look at adding a signature to your message (to ensure it hasn't been changed) as well as encryption.
 
hazem12 wrote:
1. With a private key, the problem is where the client will save the private key. And what if I want to change the private key?
Can't you embed it into the executable? Is there a compelling reason to change it?


hazem12 wrote:
2. What if someone sniffs the data, gets the part of the encrypted message containing the encrypted password, and sends it again to the server from their own program?
You may encrypt some timestamp (or counter) info together with the password.




Let's say that I can embed it in the executable, but if I solve the second issue, which is that the encryption of the password should not be the same each time, how can I use some timestamp or counter? How can both server and client know the value of the counter or the value of the time?
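
An added example, not part of any post in this thread: one way the timestamp, "less than n seconds old" and signature suggestions fit together. The client puts its own clock value and a random nonce in the message, and the server compares that value with its own clock, so neither side needs to know a counter in advance. The names `seal`, `Verifier` and `MAX_AGE`, the 30-second window and the use of HMAC-SHA256 as the signature are assumptions; `payload` stands for the already-encrypted credentials, whose encryption is not shown.

```python
import hashlib
import hmac
import json
import os
import time

MAX_AGE = 30  # seconds a message stays acceptable (the "n" above; value assumed)

def _tag(key, msg):
    """HMAC-SHA256 over timestamp, nonce and payload together."""
    data = json.dumps([msg.get("ts"), msg.get("nonce"), msg.get("payload")])
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()

def seal(key, payload, now=None):
    """Client: attach timestamp and nonce to the payload, then sign all three."""
    msg = {"ts": int(time.time() if now is None else now),
           "nonce": os.urandom(16).hex(),
           "payload": payload}
    msg["tag"] = _tag(key, msg)
    return msg

class Verifier:
    """Server: accept each message once, and only while it is fresh."""
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only for the freshness window

    def accept(self, msg, now=None):
        now = time.time() if now is None else now
        sent = str(msg.get("tag", "")).encode()
        if not hmac.compare_digest(_tag(self.key, msg).encode(), sent):
            return "bad signature"   # altered in transit, or wrong key
        if abs(now - msg["ts"]) > MAX_AGE:
            return "stale"           # too old, or clocks too far apart
        # Drop nonces the age check alone would now reject.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_AGE}
        if msg["nonce"] in self.seen:
            return "replay"          # resent copy inside the window
        self.seen[msg["nonce"]] = msg["ts"]
        return "ok"

if __name__ == "__main__":
    key = b"constructed-demo-key"    # constructed sample value
    server = Verifier(key)
    login = seal(key, "ENCRYPTED-CREDENTIALS")
    print(server.accept(login))      # first delivery
    print(server.accept(login))      # sniffed copy sent again
```

The nonce cache is what stops a copy resent inside the window; the timestamp only bounds how long the server has to remember nonces.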
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


