Encryption

 

> Encryption, How to use MD5 encryption in VB.NET

Bort



post 9 Oct, 2008 - 03:19 AM
Post #1


This tutorial was originally thought up thanks to RodgerB, who suggested I add some form of encryption to the code in my 'Trial Period' tutorial here.

I have only looked at encryption for a few days now, but MD5 encryption seems pretty simple, so I decided to put together some notes on it and put it here in case anyone else needed it.

Basically MD5 encryption works one way, so you can encrypt a piece of data, but not decrypt it. Sound kinda pointless? Actually, no, it's quite handy for username/password databases where you will need to save the encrypted data, then check it against what someone has input into, for example, a TextBox. So if you join a website that you need to log into, for example a brilliant programming site called /dream.in.code (visit it here: www.dreamincode.net), you would create your username and password, which is then encrypted and saved in a database. Then, when you visit the site, you type in your username/password, these get encrypted, and the encrypted data is checked against the encrypted data saved in the database. If it matches, you are logged in; if it does not, chances are it will complain at you about it.

So how do we go about encrypting information? Well, first of all, you will need to import a few namespaces. Put this code above the Public Class Form1 line.

CODE

Imports System.Security.Cryptography
Imports System.Text


System.Security.Cryptography imports all of the information VB needs to run the MD5 encryption, and System.Text provides UTF8 support.

Ok, our next step is the declarations. Put this code in the 'Submit' button of your form.

CODE

        Dim strText As String = TextBox1.Text
        Dim bytHashedData As Byte()
        Dim encoder As New UTF8Encoding()
        Dim md5Hasher As New MD5CryptoServiceProvider()


These variables are:

strText = The text string you wish to encrypt (eg. password)
bytHashedData = The same text string after encryption. This is no longer in string format, but rather it is a byte array.
encoder = This is a name for the UTF8Encoding method. This is what converts the string into byte format.
md5Hasher = This is the method which actually encrypts the byte array (from encoder) into a different byte array.

This is the line of code you will need to encrypt the information.

CODE

        bytHashedData = md5Hasher.ComputeHash(encoder.GetBytes(strText))


The data stored as the variable bytHashedData is what would be saved in the database as your 'password'.

As I mentioned near the beginning, MD5 is one-way encryption, so you cannot decrypt the data once it is converted. This means that if you later go to log into /dic, for example, you would type your password in, and by the time it comes back to your PC to log you in or ask for a correct password, the word you typed into the box has been encrypted itself (using exactly the same code as shown above), then compared to what you saved in the database as your original password. Obviously, if it returns a match, you are logged in, if it does not, you are not logged in.

I do not have code for this bit, but it is exactly like checking a database for any information. The main thing you have to remember when implementing this, is that the data stored in the database is saved in Byte format, not String.

One last thing to mention. MD5 does have one glaring weakness, unless the user goes for obscure passwords. Someone wanting access to your account can use a dictionary search on your username (basically they work their way through a dictionary testing words to see if they can find your password). Not a problem for people with weird passwords, but could cause problems for people with normal words. This is where a little trick called salting comes in. The way salting works is you add some additional information to the password before encrypting it. This could be a user ID, or even the username. Like this:

CODE

        bytHashedData = md5Hasher.ComputeHash(encoder.GetBytes(strText & txtUserName.Text))


This is a simple, yet effective way to avoid dictionary attacks.

If you have any questions or comments about this tutorial, please post here and I will get back to you with an answer.

Happy coding,
Bort

This post has been edited by Bort: 9 Oct, 2008 - 07:15 AM
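
Added example, not part of the thread or written by its posters: the login check that Post #1 describes but gives no code for, comparing the stored byte array with a freshly computed one, shown for the post's MD5-plus-username scheme and beside it a per-user random salt with PBKDF2. The module and function names, the sample account and the size and iteration constants are assumptions; it needs .NET 6 or later for `RandomNumberGenerator.GetBytes` and `Rfc2898DeriveBytes.Pbkdf2`.

```vbnet
Imports System.Security.Cryptography
Imports System.Text

Module PasswordCheckExample
    ' Assumed parameters for this example (not values from the thread).
    Private Const SaltSize As Integer = 16
    Private Const HashSize As Integer = 32
    Private Const Iterations As Integer = 100000

    ' Post #1's scheme: MD5 over password & username, kept as a byte array.
    Function Md5WithUserName(password As String, userName As String) As Byte()
        Using md5Hasher As MD5 = MD5.Create()
            Return md5Hasher.ComputeHash(Encoding.UTF8.GetBytes(password & userName))
        End Using
    End Function

    ' Per-user random salt; it is stored next to the hash, not kept secret.
    Function NewSalt() As Byte()
        Return RandomNumberGenerator.GetBytes(SaltSize)
    End Function

    ' PBKDF2-HMAC-SHA256: deliberately slow, so each guess costs Iterations rounds.
    Function Pbkdf2Hash(password As String, salt As Byte()) As Byte()
        Return Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                         HashAlgorithmName.SHA256, HashSize)
    End Function

    ' Byte arrays are compared element by element (= is not defined for Byte()
    ' in VB.NET); this version does not exit at the first mismatch.
    Function BytesEqual(a As Byte(), b As Byte()) As Boolean
        If a Is Nothing OrElse b Is Nothing OrElse a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    Sub Main()
        ' Constructed sample account; the "stored" values stand in for database columns.
        Dim storedMd5 As Byte() = Md5WithUserName("correct horse", "bort")
        Dim storedSalt As Byte() = NewSalt()
        Dim storedHash As Byte() = Pbkdf2Hash("correct horse", storedSalt)

        ' Login attempts: recompute from the typed password, then compare bytes.
        Console.WriteLine(BytesEqual(storedMd5, Md5WithUserName("correct horse", "bort")))
        Console.WriteLine(BytesEqual(storedHash, Pbkdf2Hash("correct horse", storedSalt)))
        Console.WriteLine(BytesEqual(storedHash, Pbkdf2Hash("wrong guess", storedSalt)))
    End Sub
End Module
```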

PsychoCoder



post 9 Oct, 2008 - 06:16 AM
Post #2
Nice tutorial, you might want to add some information and samples on using RSACryptoServiceProvider as well. It's another form of encryption offered in the .Net Framework.

With this provider you can accomplish things like RSA-SHA256 Signature verification, like

vb

Public Function VeryfiRASSha256Signature(ByVal dataToSign As Byte()) As Boolean
    Using rsa As New RSACryptoServiceProvider()
        Dim sig As Byte() = rsa.SignData(dataToSign, "SHA256")

        If rsa.VerifyData(dataToSign, "SHA256", sig) Then
            Return True
        Else
            Return False
        End If
    End Using
End Function

Bort



post 9 Oct, 2008 - 07:01 AM
Post #3
You're probably right PsychoCoder, but I have just figured out MD5 which is a lot simpler. I may well add more information to this tutorial as and when I figure out more encryption methods.

Thanks for the snippet though, it will give me somewhere to start.

Bort

PsychoCoder



post 9 Oct, 2008 - 07:12 AM
Post #4
No problem kind sir, I just try to help out as much as I can.

Bort



post 15 Oct, 2008 - 07:15 AM
Post #5
I spent some time trying to get this to work with my other tutorials (registry changes and trial period), but it didn't work properly. I needed to be able to decrypt the data as well as encrypt it, so I looked into RSA encryption as kind of suggested by PsychoCoder. Once the tutorial for it is published, I will link it here.

Bort

