
Comparing MD5 and 3DES encryption with vb.net

22 Apr

The reasons for using these two types of encryption are completely different. MD5 is a hashing algorithm. When you use MD5 there is no way back. The main reason for hashing algorithms is storing passwords. This way you never actually store the user's password (“passW0rd”); you store the MD5 hash of the password (YoOu0vDQKek5jEsEBHVM4A==). This is useful because the next time the user logs in, all you have to do is compare the originally stored hash with the hash of what the user entered into the password box. Converting “passW0rd” to MD5 will always produce the same hash, “YoOu0vDQKek5jEsEBHVM4A==”. There is no decrypting MD5. The way MD5 is broken is by creating a precomputed table of hashes for every possible input, a.k.a. a rainbow table. The stronger your password is, the larger the rainbow table will have to be to break your hash.

On a side note, data warehousing has begun to use encryption hashes, but not for security reasons. If you have a very large number or size of columns and need to see whether they have changed, you could check each column and compare it to the data you are about to insert. Or you could create a hash of the entire record and store that. This makes for really fast compares.
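A sketch of the record-hash comparison described above, as an added example that is not the post's code. It uses SHA-256 rather than MD5 and length-prefixes every column so that shifting a character between neighbouring columns, or swapping NULL for an empty string, changes the hash; the module name, function name and sample rows are constructed for illustration.

```vbnet
Imports System
Imports System.IO
Imports System.Security.Cryptography
Imports System.Text

Module RowHashExample

    ' Hashes one record. Each column is written as a marker byte plus a
    ' length-prefixed string, so ("ab", "c") and ("a", "bc") produce different
    ' input bytes and a NULL column differs from an empty one.
    Function RowHash(ByVal ParamArray columns() As String) As String
        Using ms As New MemoryStream()
            Using writer As New BinaryWriter(ms, Encoding.UTF8)
                For Each column As String In columns
                    If column Is Nothing Then
                        writer.Write(CByte(0))   ' NULL marker
                    Else
                        writer.Write(CByte(1))   ' value marker
                        writer.Write(column)     ' length prefix + UTF-8 bytes
                    End If
                Next
                writer.Flush()
                Using sha As SHA256 = SHA256.Create()
                    Return Convert.ToBase64String(sha.ComputeHash(ms.ToArray()))
                End Using
            End Using
        End Using
    End Function

    Sub Main()
        ' Constructed sample rows; storedHash stands in for the hash column
        ' already saved in the warehouse table.
        Dim storedHash As String = RowHash("1001", "Ada Lovelace", "Engineering", Nothing)
        Dim sameRow As String = RowHash("1001", "Ada Lovelace", "Engineering", Nothing)
        Dim editedRow As String = RowHash("1001", "Ada Lovelace", "Research", Nothing)

        Console.WriteLine("identical row needs update: {0}", storedHash <> sameRow)
        Console.WriteLine("edited row needs update:    {0}", storedHash <> editedRow)
        Console.WriteLine("column boundary matters:    {0}", RowHash("ab", "c") <> RowHash("a", "bc"))
    End Sub

End Module
```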

The other method of encryption gives you the ability to decrypt the data. Triple Data Encryption Standard (3DES) uses a key and an initialization vector (IV). With these two pieces of information you can decrypt the data. For example, if you store employee salary data in a table, you would want to use this type of encryption so your DBA can’t just read the data in the table. This way you can have the key stored in one location and the IV stored in another.

I have been in discussions that go very poorly when deciding how to secure, or whether or not something needs to be secured. There usually is a thorn of a person who will quickly discount methods of security and sway the whole group’s opinion. MD5 by itself is no longer considered a solid security method. This is a fact, and usually the thorn in the group makes this comment but then either neglects to give an alternative or doesn’t know what the alternative is. One alternative is SHA, but it requires more processing and more storage, which in 99.9% of cases is completely fine. The other way the discussion goes is into a paranoia state, and the group decides everything needs ultra security. What I suggest is finding your happy medium. Find the level of security where you can get projects completed and performing well but are also secure.

I have pieced together two examples of encryption using MD5 and 3DES. I am not an encryption expert nor a math expert but that is just my point. Using the .NET framework you don’t have to be an expert to at least make an attempt to keep data secure.

MSDN gives great examples which I have used: http://msdn.microsoft.com/en-us/library/system.security.cryptography.tripledes

The 3DES example. You’ll notice the Encrypt and Decrypt functions are nearly identical. It’d be best to re-factor but I left them separate for illustration purposes. This program takes ‘test.txt’ and encrypts it to ‘3destest.txt’ and then decrypts that to ‘decryptedtest.txt’.

Imports System.IO
Imports System.Security.Cryptography
 
Module Module1
 
    Sub Main()
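        'Demonstration values only. A real key must come from a cryptographic random
        'number generator and be stored securely, and the IV should be freshly
        'generated for each encryption rather than fixed in source code.
        Dim key() As Byte = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24}
        Dim iv() As Byte = {8, 7, 6, 5, 4, 3, 2, 1}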
 
        EncryptData("test.txt", "3destest.txt", key, iv)
        DecryptData("3destest.txt", "decryptedtest.txt", key, iv)
    End Sub
 
    Private Sub EncryptData(ByVal inName As String, ByVal outName As String, ByVal tdesKey() As Byte, ByVal tdesIV() As Byte)
 
        'Create the file streams to handle the input and output files.
        Dim fin As New FileStream(inName, FileMode.Open, FileAccess.Read)
        Dim fout As New FileStream(outName, FileMode.OpenOrCreate, FileAccess.Write)
        fout.SetLength(0)
 
        'Create variables to help with read and write.
        Dim bin(100) As Byte 'This is intermediate storage for the encryption.
        Dim rdlen As Long = 0 'This is the total number of bytes written.
        Dim totlen As Long = fin.Length 'This is the total length of the input file.
        Dim len As Integer 'This is the number of bytes to be written at a time.
        Dim tdes As New TripleDESCryptoServiceProvider()
        Dim encStream As New CryptoStream(fout, tdes.CreateEncryptor(tdesKey, tdesIV), CryptoStreamMode.Write)
 
        Console.WriteLine("Encrypting...")
 
        'Read from the input file, then encrypt and write to the output file.
        While rdlen < totlen
            len = fin.Read(bin, 0, 100)
            encStream.Write(bin, 0, len)
            rdlen = rdlen + len
            Console.WriteLine("{0} bytes processed", rdlen)
        End While
 
        'Closing the CryptoStream writes the final padded block and closes fout.
        encStream.Close()
        fin.Close()
    End Sub
 
 
    Private Sub DecryptData(ByVal inName As String, ByVal outName As String, ByVal tdesKey() As Byte, ByVal tdesIV() As Byte)
 
        'Create the file streams to handle the input and output files.
        Dim fin As New FileStream(inName, FileMode.Open, FileAccess.Read)
        Dim fout As New FileStream(outName, FileMode.OpenOrCreate, FileAccess.Write)
        fout.SetLength(0)
 
        'Create variables to help with read and write.
        Dim bin(100) As Byte 'This is intermediate storage for the decryption.
        Dim rdlen As Long = 0 'This is the total number of bytes written.
        Dim totlen As Long = fin.Length 'This is the total length of the input file.
        Dim len As Integer 'This is the number of bytes to be written at a time.
        Dim tdes As New TripleDESCryptoServiceProvider()
        Dim encStream As New CryptoStream(fout, tdes.CreateDecryptor(tdesKey, tdesIV), CryptoStreamMode.Write)
 
        Console.WriteLine("Decrypting...")
 
        'Read from the input file, then decrypt and write to the output file.
        While rdlen < totlen
            len = fin.Read(bin, 0, 100)
            encStream.Write(bin, 0, len)
            rdlen = rdlen + len
            Console.WriteLine("{0} bytes processed", rdlen)
        End While
 
        'Closing the CryptoStream processes the final block and closes fout.
        encStream.Close()
        fin.Close()
    End Sub
 
End Module

For the MD5 example I take a console parameter string and encrypt that to the ‘PasswordHash.txt’ file. There is an extra step in here to carefully encode as a string since you could run into problems writing the raw byte array output to a file.

Imports System.Text
Imports System.Security.Cryptography
 
Module Module1
 
    Public Password As String = Nothing
 
    Sub Main()
 
        If My.Application.CommandLineArgs.Count > 0 Then
            Password = My.Application.CommandLineArgs(0)
            Dim objStreamWriter As System.IO.StreamWriter = System.IO.File.AppendText("PasswordHash.txt")
            objStreamWriter.WriteLine(GenerateHash(Password))
            objStreamWriter.Close()
        End If
 
    End Sub
 
    Private Function GenerateHash(ByVal StringToEncrypt As String) As String
 
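        'UnicodeEncoding is UTF-16 little-endian; hashing the same password as
        'UTF-8 would produce a different value, so the encoding must stay consistent.
        Dim UniObject As New UnicodeEncoding()
        Dim ByteSourceText() As Byte = UniObject.GetBytes(StringToEncrypt)
        Dim Md5 As New MD5CryptoServiceProvider()
        Dim ByteHash() As Byte = Md5.ComputeHash(ByteSourceText)
        'Base64 turns the 16 raw hash bytes into text that is safe to write to a file.
        Return Convert.ToBase64String(ByteHash)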
 
    End Function
 
End Module

Posted by on April 22, 2011 in .NET, Network Admin
