Dear Friends:

I need help from friends who publish software. However, any comment will be appreciated.
If you want to sell your software, what is your best method for encrypting sensitive information in its SQL bank? Please provide me a solution that you have used in your software (I mean something that will work and reduce vulnerability to attacks to a large extent).

Yours
Posted
Updated 16-Jul-12 3:28am
v3

See this article, Simple encrypting and decrypting data in C#, for encryption/decryption of strings. I use sort of the same solution and it works great.
The only "downside" is that you can't query this data from solution explorer in SQL. Like:
SELECT * FROM Table WHERE EncryptedValue = 'hello'
You will have to encrypt the string to query:
SELECT * FROM Table WHERE EncryptedValue = 'encryptedValueFromCode'
 
 
C#
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

        // Encrypts Data with Rijndael (AES) and returns the ciphertext as Base64.
        // The key and the IV are both derived from Password with a fixed salt, so
        // the same Data and Password always produce the same ciphertext.
        public string Encrypt(string Data, string Password)
        {
            byte[] clearBytes = Encoding.Unicode.GetBytes(Data);

            // PasswordDeriveBytes is the PBKDF1-based derivation in .NET.
            PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,
                new byte[] { 0x00, 0x01, 0x02, 0x1C, 0x1D, 0x1E, 0x03, 0x04, 0x05, 0x0F, 0x20, 0x21, 0xAD, 0xAF, 0xA4 });

            using (MemoryStream ms = new MemoryStream())
            using (Rijndael alg = Rijndael.Create())
            {
                alg.Key = pdb.GetBytes(32); // 256-bit key
                alg.IV = pdb.GetBytes(16);  // 128-bit IV
                using (CryptoStream cs = new CryptoStream(ms, alg.CreateEncryptor(), CryptoStreamMode.Write))
                {
                    cs.Write(clearBytes, 0, clearBytes.Length);
                } // disposing the CryptoStream writes the final padded block
                return Convert.ToBase64String(ms.ToArray());
            }
        }

        // Reverses Encrypt: Base64-decodes Data and decrypts it with the key and IV
        // derived from the same Password and salt.
        public string Decrypt(string Data, string Password)
        {
            byte[] cipherBytes = Convert.FromBase64String(Data);

            PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,
                new byte[] { 0x00, 0x01, 0x02, 0x1C, 0x1D, 0x1E, 0x03, 0x04, 0x05, 0x0F, 0x20, 0x21, 0xAD, 0xAF, 0xA4 });

            using (MemoryStream ms = new MemoryStream())
            using (Rijndael alg = Rijndael.Create())
            {
                alg.Key = pdb.GetBytes(32);
                alg.IV = pdb.GetBytes(16);
                using (CryptoStream cs = new CryptoStream(ms, alg.CreateDecryptor(), CryptoStreamMode.Write))
                {
                    cs.Write(cipherBytes, 0, cipherBytes.Length);
                } // disposing the CryptoStream removes the padding
                return Encoding.Unicode.GetString(ms.ToArray());
            }
        }
 
 
Comments
Mmohmmad 17-Jul-12 0:59am    
Dear Henington:

Thanks for your reply. Do you think this method is sufficient for software that will be published to the public?

Yours
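
The first answer's point about querying encrypted columns, and the fixed salt and password-derived IV in the code above, as an added example that is not part of the original thread: AES-GCM with a fresh random nonce per value, plus a keyed HMAC stored in a second column so equality lookups still work. It assumes .NET 8 or later and two independent 32-byte random keys kept outside the database; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; FieldCrypto and its method names are hypothetical.
// encKey and indexKey are assumed to be independent 32-byte random keys.
public static class FieldCrypto
{
    const int NonceSize = 12, TagSize = 16;

    // Returns Base64(nonce || tag || ciphertext); the random nonce makes
    // every call produce a different output for the same value.
    public static string Encrypt(string value, byte[] encKey)
    {
        byte[] plain = Encoding.UTF8.GetBytes(value);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize);
        byte[] tag = new byte[TagSize];
        byte[] cipher = new byte[plain.Length];
        using (var aes = new AesGcm(encKey, TagSize))
            aes.Encrypt(nonce, plain, cipher, tag);
        byte[] blob = new byte[NonceSize + TagSize + cipher.Length];
        Buffer.BlockCopy(nonce, 0, blob, 0, NonceSize);
        Buffer.BlockCopy(tag, 0, blob, NonceSize, TagSize);
        Buffer.BlockCopy(cipher, 0, blob, NonceSize + TagSize, cipher.Length);
        return Convert.ToBase64String(blob);
    }

    // Throws CryptographicException if the stored value was modified
    // or the key is wrong (the GCM tag does not verify).
    public static string Decrypt(string stored, byte[] encKey)
    {
        byte[] blob = Convert.FromBase64String(stored);
        if (blob.Length < NonceSize + TagSize)
            throw new CryptographicException("Stored value is too short.");
        byte[] plain = new byte[blob.Length - NonceSize - TagSize];
        using (var aes = new AesGcm(encKey, TagSize))
            aes.Decrypt(blob.AsSpan(0, NonceSize), blob.AsSpan(NonceSize + TagSize),
                        blob.AsSpan(NonceSize, TagSize), plain);
        return Encoding.UTF8.GetString(plain);
    }

    // Deterministic keyed hash of the value, stored in a second column
    // and used for WHERE IndexColumn = @idx lookups.
    public static string BlindIndex(string value, byte[] indexKey)
    {
        using (var hmac = new HMACSHA256(indexKey))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(value)));
    }
}
```

Store the BlindIndex result beside the ciphertext and compare against it in the WHERE clause. The index column reveals which rows hold equal values, so add it only to fields that need lookups.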
It all depends on what you want to do with your data:

If you only want to check if the value entered is correct (like passwords) then a SHA1 operation would work perfectly and without hassle.

If you want to get the data back, then don't hash it, use any library out there that could offer you the level of encryption that you are looking for.

You should explain that at the beginning in order to get better help.

Good luck...
 
 
Comments
Mmohmmad 16-Jul-12 3:34am    
Dear Joan:

Thanks for your reply. I want to get data back, so I should use symmetric or asymmetric algorithms. However, with these algorithms a hacker can access our data. I already should mention that I do not want 99 percent security.
If we consider the security from path 1 to 10, I want 7. What is your suggestion or solution? Is it necessary to use a user-defined algorithm or just use built-in algorithms?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


