How to compare encrypted value with plain text?

Question

1.00/5 (1 vote)

See more:

I'm trying to compare an encrypted value stored in a database with a value [plain text] that is inputted by the user but I cannot find the appropriate technique to do so.

When the text is being decrypted, the value is still not plain text, it contains symbols and letters.

I'm using these AES techniques found in this link;
C# AES 256 bits Encryption Library with Salt[^]

All I want is to somehow compare the encrypted value found in the database with the input from the user to see if both values match.

Thanks !

Posted 4-Apr-15 5:05am

developerjm

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2015-04-04T05:25:00

Solution 1

The only way to directly compare them is to either encrypt the user input using the same key and compare that, or decrypt the DB value and compare that.

But...I'm just guessing here that you are trying to handle passwords? If so, then you really, really don't want to encrypt anything! You should Hash the original, and store the hash instead - then for validation when they log in, you hash what they typed, and compare the two hashes. There is a tip showing how here: Password Storage: How to do it.[^]

Posted 4-Apr-15 5:25am

OriginalGriff

Comments

developerjm 4-Apr-15 11:28am

Thanks for your reply! :)

No, not passwords. I am just encrypting a value that I need to save in the database.

I have tried encrypting the value using the same key but still a different output is given. Am kinda lost :s

OriginalGriff 4-Apr-15 11:43am

If you are using the same key, and the same code you will get the same value - except for any "junk" after the encrypted data which may be random.
So start by decrypting the DB value using the "known" key - is it exactly what you expect? If not, then you need to start by looking at exactly how you stored the value in the DB. For example, if you concatenate strings to form SQL queries, then
string SQL = "INSERT INTO MyTable (MyColumn) VALUES (" + arrayOfBytesHoldingEncyrptedData + ")";
Will not store the encrypted bytes, but the string "System.Byte[]" because the default ToString implementation returns the name of the datatype rather than the content.

Dennis Baberich 4-Apr-15 12:41pm

No he won't get the same value. The encryption method is creating a random salt. Therefore the result will always be different.

developerjm 5-Apr-15 7:01am

That's right :/

developerjm 5-Apr-15 7:02am

I'm thinking of removing the salt but I think that it is not recommended.

Dennis Baberich 7-Apr-15 8:01am

That would defeat the whole purpose and leave you with a sloppy solution... Just provide the hash for the encryption to verify the value.