Encrypting and decrypting a string
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Todd_Withers
Posted On:   Tuesday, May 20, 2003 07:29 PM

I need to encrypt a users social security number with a password into a string that i can pass on a url to another site. at that site they need to be able to decrypt the string using the same password. I have spent many hours reading, searching the web and experimenting. All of the crypto stuff i've found deals with byte arrays which i can't pass on a url. i can convert these in some way to a url friendly string but it seems there should be a "typical" approach to this problem. If there is, i want to avoid a strange solution of my own devising. I have heard some people mention md5 but my understanding is that md5 is not encrypti   More>>

I need to encrypt a users social security number with a
password into a string that i can pass on a url to
another site. at that site they need to be able to
decrypt the string using the same password.



I have spent many hours reading, searching the web and
experimenting. All of the crypto stuff i've found
deals with byte arrays which i can't pass on a url. i
can convert these in some way to a url friendly string
but it seems there should be a "typical" approach to
this problem. If there is, i want to avoid a strange
solution of my own devising.



I have heard some people mention md5 but my understanding
is that md5 is not encryption so I'm not sure what part
that would play.



very frustrated :(.



thanks in advance for you help.

   <<Less

Re: Encrypting and decrypting a string

Posted By:   Christopher_Schultz  
Posted On:   Wednesday, May 21, 2003 01:00 PM

You can't avoid the byte arrays. What you can do is encode that array once you encrypt it, in order to send it over the wire in a URL.



Typical encodings are either ascii-coded-hex (my name for something that looks like "1342abf34244" in string form representing the bytes 0x13 0x42 0xab 0xf3 0x42 and 0x44) or uuencode/base64-encoding, which does some more complicated encoding but accomplishes the same thing.



MD5 is not encryption. It is called "digestion". That is, MD5 can create a 20-byte signature of any input that you give it. You can store "passwords" this way by getting the password's signature and putting it into a database. The only way for a user to authenticate against that password is to provide the original password which will be MD5'd and then compared against the stored password. MD5 is one-way only: you cann't reconstruct the original message from the digest.



Hope that helps,

-chris
About | Sitemap | Contact