0

I have gone through several approaches on Stack Overflow, but none of them works now.

Encrypting a text field value which is the password and saving it in the database is the requirement.

I need the approach of converting the plain text into encrypted

I have tried

https://wiki.qt.io/Simple_encryption_with_SimpleCrypt

It gives different encryptions for the same text, so I cannot compare and validate.

Planner
  • 1
    Show what you have done and what doesn't work. We are not going to go through all the known approaches and suggest them to you, only to learn that you have already tried them. – n. m. could be an AI Jan 13 '22 at 09:58
  • 3
    Are you __sure__ you want encryption and not a hash? – perivesta Jan 13 '22 at 09:58
  • @dave I suppose a hash will work too. I just want to update the db with a protected password so that it is not directly exposed. – Planner Jan 13 '22 at 10:18
  • `bcrypt` is often used to encrypt passwords – Osyotr Jan 13 '22 at 11:12
  • Related: [https://forum.qt.io/topic/76859/encrypt-and-decrypt-the-password-entered-in-qlineedit](https://forum.qt.io/topic/76859/encrypt-and-decrypt-the-password-entered-in-qlineedit) – drescherjm Jan 13 '22 at 14:01

1 Answer

2

The SimpleCrypt you linked to has this piece of code in it:

```cpp
// prepend a random char to the string
char randomChar = char(qrand() & 0xFF);
ba = randomChar + integrityProtection + ba;
```

What this means is, any piece of data can result in 256 different possible pieces of encrypted data. This is useful in encryption, where you (among many other things) don't want an attacker to be able to see if two separate encrypted pieces of data are actually the same data or not.

If you want to use SimpleCrypt, you have to compare the passwords after decrypting. You could also modify the algorithm to have a known (given by you) randomChar. But I advise against it, as that is going to extra effort to do something poorly.

You should really use something else, for example QCryptographicHash. Just remember to use salt when hashing the password (this prevents an attacker from seeing if some passwords in the database are the same).

hyde
  • Thank you for the descriptive answer. Can you please explain the implementation of QCryptographicHash. I am new to Qt – Planner Jan 13 '22 at 19:03
  • First you may want to check this: https://stackoverflow.com/q/1054022/1717300 – hyde Jan 13 '22 at 19:25
  • Then you should probably try using QCryptographicHash, and if you run into issues, ask a new, specific question, preferably including the code you are having problems with. – hyde Jan 13 '22 at 19:26