RE: Encrypting and Decrypting?

[JMW62]

Hi Maira and Matt! Enjoyed your walkthrough! Built the app and it appears to be working. However, I tested the program in 4 different ways: 1. Just to check the program was working, inserted "Test001" as the Plain Text input (I presume this would be synonymous with Username?) and "pass001" as the Password. This produces a cipher code. Decoding produces the Plain Text(PT) result - "Test001"; 2. Plain text = James and Password = pass002 which produces PT - James; 3. To verify the Password security of #2, I used Plain Text = James and Password = passFake which produces PT - James?; 4. To double check that result, I used a random full name, i.e. Plain Text = James Riley Watson and a true Password = pass003. Then, I used the same PT full name, James Riley Watson and a fake Password = passFake. This produces a different cipher code from the first time the full name was inserted, but when I decoded I was surprised that the PT result was James Riley Watson?! Since the cipher code for the first insertion of the full name with a "true" password and the cipher code for the second insertion of the same full name is different, I should not be allowed access to the user's name/account, right? Besides, the Password "passFake" had already been used so I guess it should not be allowed either nor should it produce protected data? I am just posting this because curious and I'm trying to learn more about data security and don't understand the results I obtained? Seems like there's no option to post the BMP here? Also, I would really appreciate comments on where this data is being stored to understand more about how secure this method is? Please correct me if there's something I've missed here! Any help is welcome!

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 8fabe7ed-c89e-6984-af23-b2052814b71e
• Version Independent ID: 5e4ff908-d8cf-7c1c-b1b5-ad942d895ac0
• Content: Encrypting and Decrypting Strings in Visual Basic
• Content Source: docs/visual-basic/programming-guide/language-features/strings/walkthrough-encrypting-and-decrypting-strings.md
• Product: dotnet-visualbasic
• GitHub Login: @dotnet-bot
• Microsoft Alias: dotnetcontent

[JMW62]

Strange that no one has commented on this issue?

[nreh]

Ok so i'm pretty new to the world of encryption/decryption so take whatever I say with the possibility of being wrong. I noticed a function called "TruncateHash" which as the name implies, might truncate, or cut off the end of the password. Because the encrypted text is so short, the password might be cut off from a very short amount as well. So because the true password, and the false one both begin with the first four letters "pass", it might be cutting off the end, resulting in the decryptor thinking you have the right password. Try changing the false password to something completely different? Like "asdf" or "keyfake"?

Once again I might be completely wrong though.

[nreh]

Update: I tried the code but couldn't reproduce the problem, maybe check your code?

[dotnet-bot]

This issue has been closed as part of the issue backlog grooming process outlined in #22351.

That automated process may have closed some issues that should be addressed. If you think this is one of them, reopen it with a comment explaining why. Tag the @dotnet/docs team for visibility.