Hi guys

I want to make an encrypted login form.
I have a class with two functions, encryptThis and decryptThis.
Here is the code:
VB
Public Class clsEncryption
    Public Shared Function encryptThis(ByVal str As String, ByVal bt As Byte) As String
        Dim encrypt As String = ""

        'CLAMP THE KEY WITH THE If OPERATOR: VALUES OUTSIDE 1..13 FALL BACK TO 13
        bt = If((bt > 0 AndAlso bt <= 13), bt, Convert.ToByte(13))

        Dim chr As Char() = str.ToString().ToCharArray()

        For i As Integer = 0 To str.Length - 1
            'CONVERTING CHAR TO INT
            Dim x As Integer = Convert.ToInt32(chr(i))
            'CONVERTING INT TO CHAR
            encrypt = encrypt + Convert.ToChar((255 - (x + bt - i)))
        Next
        Return encrypt
    End Function

    Public Shared Function decryptThis(ByVal str As String, ByVal bt As Byte) As String
        Dim encrypt As String = ""

        'CLAMP THE KEY WITH THE If OPERATOR: VALUES OUTSIDE 1..13 FALL BACK TO 13
        bt = If((bt > 0 AndAlso bt <= 13), bt, Convert.ToByte(13))

        Dim chr As Char() = str.ToString().ToCharArray()

        For i As Integer = 0 To str.Length - 1
            Dim x As Integer = Convert.ToInt32(chr(i))
            encrypt = encrypt + Convert.ToChar(255 + (-x - bt + i))
        Next
        Return encrypt
    End Function
End Class


I use the function encryptThis in the SQL query and it stores the password successfully in the database.
The problem is in the login form: I don't know how I can decrypt this.
Here is the code:
VB
Private Sub cmdlogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdlogin.Click
       On Error Resume Next
       Dim timex As String
       Dim isigroup As DataTable
       objdata = New clsMSSQL
       isigroup = objdata.QueryDatabase("SELECT * FROM Userx WHERE Username='" & txtuser.Text & "' AND Userpass ='" & txtpassword.Text & "'")
       If isigroup.Rows.Count > 0 Then
           For i = 0 To isigroup.Rows.Count - 1
               If isigroup.Rows(i)("username") <> txtuser.Text Or isigroup.Rows(i)("userpass") <> txtpassword.Text Then
                   MsgBox("Λάθος Όνομα Χρήστη ή Κωδικού !", MsgBoxStyle.Information, "Προσοχή.....")
                   xcountx = xcountx + 1
                   If xcountx >= 3 Then
                       MsgBox("Έχεις χρησιμοποιήσει όλες τις προσπάθειες !", MsgBoxStyle.Exclamation, "Προσοχή.....")
                       End
                   End If
                Exit Sub


Thanks for any help

You call that "encryption"?? That stuff is WEAK at best. A 12 year old with an abacus can crack that!

I HIGHLY suggest you read up on hashing passwords using a proven cryptographic hash. Start with this, then this. Then you can move on to examples and how-to's with this.
 
Hi, I would use the System.Security.Cryptography namespace.
It should be more than enough for your needs!

Cheers,
Itay.
 
Comments
jomachi 27-Jun-13 14:19pm    
Thank you my friend

I have to agree with Dave Kreskowiak - do not encrypt passwords (and certainly not with such a poor excuse for an encryption method) - see here: Password Storage: How to do it. (it's in C#, but the code is pretty simple and explains why as well as how to use hashing).

But to add to that, your encryption is completely useless since your code is wide open to SQL Injection so nobody needs a password to login anyway, or could destroy your database by trying to log in. Use parameterized queries instead!
 
Comments
jomachi 28-Jun-13 5:24am
Sorry for the delay. I use parameterized queries in the whole application.
I wanted to have more security.
Thanks for the response.
OriginalGriff 28-Jun-13 5:50am    
Um.

isigroup = objdata.QueryDatabase("SELECT * FROM Userx WHERE Username='" & txtuser.Text & "' AND Userpass ='" & txtpassword.Text & "'")

That is NOT a parameterized query!
jomachi 28-Jun-13 6:02am    
This is the only one that is not parameterized.
I will change it.
Thank you my friend

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


