1

I have the following code to encode password field but it gets error when password field is longer than ten characters. 

private string base64Encode(string sData)
    {
        try
        {
            byte[] encData_byte = new byte[sData.Length];

            //encData_byte = System.Text.Encoding.UTF8.GetBytes(sData);
            encData_byte = System.Text.Encoding.UTF8.GetBytes(sData);


            string encodedData = Convert.ToBase64String(encData_byte);
            return encodedData;


        }
        catch (Exception ex)
        {
            throw new Exception("Error in base64Encode" + ex.Message);
        }
    }

This is the code to decode the encoded value

public string base64Decode(string sData)
    {

        System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();

        System.Text.Decoder utf8Decode = encoder.GetDecoder();

        byte[] todecode_byte = Convert.FromBase64String(sData);

        int charCount = utf8Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length);

        char[] decoded_char = new char[charCount];

        utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0);

        string result = new String(decoded_char);

        return result;

    }
Handcraftsman
  • 6,863
  • 2
  • 40
  • 33
mahesh
  • 3,067
  • 16
  • 69
  • 127
  • And what is the error ? You shouldn't catch the exception and throw a new one, you are losing a lot of information here. – driis Dec 31 '10 at 10:44
  • This is the exception Invalid length for a Base-64 char array. – mahesh Dec 31 '10 at 10:46

3 Answers3

3

That code itself shouldn't be failing - but it's not actually providing any protection for the password. I'm not sure what kind of "encoding" you're really trying to do, but this is not the way to do it. Issues:

  • Even if this worked, it's terrible from a security point of view - this isn't encryption, hashing, or anything like it
  • You're allocating a new byte array for no good reason - why?
  • You're catching Exception, which is almost always a bad idea
  • Your method ignores .NET naming conventions

If you can explain to us what the bigger picture is, we may be able to suggest a much better approach.

My guess is that the exception you're seeing is actually coming when you call Convert.FromBase64String, i.e. in the equivalent decoding method, which you haven't shown us.

Jon Skeet
  • 1,421,763
  • 867
  • 9,128
  • 9,194
  • Thanks for the reply , i just want to encrypt and decrypt my password feild independent of length using any basic algorithms – mahesh Dec 31 '10 at 10:59
  • @mahesh: You shouldn't usually be storing passwords in a decrypt-able form to start with - you should almost always be using a hash of some description. – Jon Skeet Dec 31 '10 at 11:13
  • 1
    What Jon said, but also: encoding != encrypting. Both are transformations of information from one form to another, but encryption seeks to make the information unreadable unless you have the key. Encoding is usually done to do the opposite: to ease communication. – R. Martinho Fernandes Dec 31 '10 at 11:34
1

I think you will need to modify your code.

These are 2 links which gives more details -

Encrypt and decrypt a string

http://msdn.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider.aspx

Community
  • 1
  • 1
Manoj Attal
  • 2,806
  • 3
  • 28
  • 31
0

They are correct about this not being secure. But the question you asked was why is the code failing. Base64 strings usually take up more space than the string they encode. You are trying to store the same amount of data in fewer characters (64 instead of 255), so it expands the string. Since you are dimensioning the array based on the size of the string, any time the base 64 string exceeds the size of the base 255 string, you get an error. Instead of writing the code yourself, use the built in converters.

            System.Convert.ToBase64String()
            System.Convert.FromBase64String()

But as I mentioned before, this is not secure, so only use this if you are trying to do something with a legacy system, and you need to preserve functionality for some reason.

James Bunch
  • 59
  • 1
  • 2