In my previous post I had discussed on how to derive a encrypted password using RFC2898
Let us now see an extented application on RFC2898.
On how can we encrypt a Username/password into a file, and decrypt it later
What I am going to discuss here is that:
My scenario constitutes of a "username" and a "password". Let us assume a situation when you forget the password.
You only can recall your username, so how can we retrive our username.
The idea is to store the password into a file in encrypted format then decrypt the file and retrive the password
Crypto_file_encryption : Custom Namespace uses "file_encrypt.EncryptFile()" method, which we will use here later.
Details in : http://dotnetspider.com/resources/40625-Encrypt-Files-Using-RFC-Rijndael.aspx
Crypto_file_decryption : Custom Namespace uses "file_decrypt.DecryptFile()" method, which we will use here later.
Details in : http://dotnetspider.com/resources/40626-Decrypt-Files.aspx
System.IO : For File Handling
Now Let us start encrypting
string My_Path = "My_secret_file.txt";
//Search for the file "My_secret_file.txt"
//Delete the old file to create a new file
//A method for Encrypting the data
//where "Path" is the path where you want to store your file
void MY_ENCRYPTION(string Path)
string My_password = "p@$$W0rD";
string My_username = "Mrinmay Paul"
//Create a new file My_secret_file.txt.my
FileStream fin = new FileStream(Path + ".my", FileMode.Create, FileAccess.Write, FileShare.ReadWrite);
StreamWriter tw = new StreamWriter(fin);
//Write the password into My_secret_file.txt.my in non-encrypted format
string inFile = Path + ".my";
string outFile = Path;
//Here we encrypt our file.
//For details on file_encrypt.EncryptFile()
file_encrypt.EncryptFile(inFile, outFile, My_username);
File.Delete(inFile);//Delete the non-encrypted file
Now Let's decrypt the file and retrive the password
//A method for Decrypting the data
//where "Path" is the path where you have stored the encrypted_file
void MY_DECRYPTION(string Path)
string Path = "My_secret_file.txt";
string inFile = Path;
string outFile = Path + ".my";
//Here we decrypt our file.
//For details on file_decrypt.DecryptFile()
file_decrypt.DecryptFile(inFile, outFile, username_box.Text);
FileStream fin = new FileStream(outFile, FileMode.Open, FileAccess.Read, FileShare.ReadWrite);
StreamReader tr2 = new StreamReader(fin);
string My_Retrived_pass = tr2.ReadLine();
// The Password is : "My_Retrived_pass"
MessageBox.Show("Invalid username or File not Found \n Try Again");
Hope that you enjoyed it.
Also attaching a sample application.
Point to note : To really understand this app, have a look at my two previous posts
I have a question for you!!!
Q1.Can you tell me where a direct attack is possible to the encryption/decryption implementation in this code ?
Q2.And (however if you found out the answer to the first question) how can you correct/modify it so a direct attack is not possible ?
There is no flaw in my Encryption/decryption algorithms ( thats what I feel), however if you find a flaw in my Encryption/decryption algorithms please do let me know.
The flaw is in its implementation here.
The Flaw and the solution have discussed here: