Android Question Different BYTE() result from 2 Instances of B4XCIPHER

Gianni Sassanelli

Active Member
Licensed User
Longtime User
Hi
As in the subject, I get two different results if I call the same function more than once to encrypt my string.
Is this correct?
I expected to always have the same byte array

If this is the correct behavior, how can I always get the same byte array?
Thanks

The example follows:

EXAMPLE:
    Dim EncryptedData() As Byte

    Dim c As B4XCipher
    Dim myString, myPassword As String

    Log("Start test ==============")
    myString       = "abc"
    myPassword = "1234"
    Log("1° test >>")
    EncryptedData = c.Encrypt(myString.GetBytes("utf8"), myPassword)
    Log("First Time    byte Length: " & EncryptedData.Length)
    For N = 0 To EncryptedData.Length-1
        Log(EncryptedData(N))
    Next
    EncryptedData = c.Encrypt(myString.GetBytes("utf8"), myPassword)   ' note the same string and password
    Log("Second Time    byte Length: " & EncryptedData.Length)
    For N = 0 To EncryptedData.Length-1
        Log(EncryptedData(N))
    Next

    EncryptedData = c.Encrypt(myString.GetBytes("utf8"), myPassword)   ' note the same string and password
    Log("third Time    byte Length: " & EncryptedData.Length)
    For N = 0 To EncryptedData.Length-1
        Log(EncryptedData(N))
    Next
 

OliverA

Expert
Licensed User
Longtime User
If this is the correct behavior, how can I always get the same byte array?
B4XCipher uses a different "salt" when encrypting data. The encrypted data is prefixed with this salt to allow the decryption algorithm to work properly. This is by design. If you want something that encrypts without a salt, then one method would be to use @agraham's encryption library and do your own encryption. I would not recommend that though, since there are reasons for using a salt in encryption.

Links:
@agraham's encryption library: https://www.b4x.com/android/forum/threads/base64-and-encryption-library.6839/
An article about encryption and the use of salt: https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/
 
Upvote 1

agraham

Expert
Licensed User
Longtime User
Initialisation Vectors in the Cipher object in the Encryption library serve the same purpose as a salt except you can define your own whereas B4XCipher chooses its own random one and prepends it to the result of the encryption. By using different IVs you ensure that the same string when encrypted twice does not produce the same result which is a good security measure.
 
Upvote 0

Gianni Sassanelli

Active Member
Licensed User
Longtime User
OK, thanks for your explanation, agraham and OliverA.

I would need to be able to encrypt a string to save some passwords.

The problem is that if the hash of the encrypted string always changes, I can never compare a user-entered password with one just saved in the db.
Could you advise me how to do it?
 
Upvote 0

sirjo66

Well-Known Member
Licensed User
Longtime User
You can also use a fixed "salt" and then use MD5, SHA-1, SHA-256 or another.
So you can compare the result with the data in the database.
 
Upvote 1
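On the password-comparison question raised in this thread, the following is an added example (not code from any poster here, and written in Python rather than B4X) showing how a random salt stored next to the derived hash gives different stored bytes every time while still letting a login attempt be checked. The function names, `SALT_LEN` and `ITERATIONS` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

SALT_LEN = 16          # bytes of random salt per password (assumed value)
ITERATIONS = 600_000   # PBKDF2 work factor (assumed value; tune for your hardware)


def hash_password(password: str) -> bytes:
    """Return salt || derived_key, the record to store in the database."""
    salt = os.urandom(SALT_LEN)  # fresh random salt for every stored password
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt + key


def verify_password(password: str, record: bytes) -> bool:
    """Re-derive the key with the salt taken from the stored record, then compare."""
    if len(record) <= SALT_LEN:
        return False  # truncated or malformed record
    salt, stored_key = record[:SALT_LEN], record[SALT_LEN:]
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(key, stored_key)


if __name__ == "__main__":
    # Constructed sample input: the password from the first post.
    first = hash_password("1234")
    second = hash_password("1234")
    print("records differ:", first != second)
    print("both verify:", verify_password("1234", first), verify_password("1234", second))
    print("wrong password verifies:", verify_password("12345", first))
```

The comparison is never made between two stored records; the entered password is hashed again with the salt read back from the record being checked.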