Post by Cariad2033 on Feb 5, 2024 15:24:02 GMT
Hi I have implemented your encryption for my user table.
Basically it is
ID INT autoincrement
LOGON string encrypted
PASSWORD string encrypted.
it all saves great.
Then when a user goes to login with their ID and password I go to create an SQL statement to retrieve their record using the login id and password they entered in a where clause.
So I take the login and password they entered and encrypt them using the same password key in your example and the encrypted version is different and I cannot authenticate them.
Eg.
So lets say I create a login GOD
it encrypts to WRZ67F using encryption password ABCDEF012345
and saved great to the database.
Then a user tries to login again as GOD
using the same encryption password ABCDEF012345
it encrypts to something totally different to WRZ67F .
So obviously my where clause is not going to authenticate.
I am using your code in the example you gave me.
I know how to use the encrypted field in a where clause but the encryption is always different with the exact same key used in your demo of encryption.
Anyone have any Ideas how to get the same encrypted value using the same key ?
Is it the fact the Salt and IV is randomly generated each time, but is preprended to encrypted cipher text so that the same Salt and IV values can be used when decrypting. That means nothing can be encrypted the same for database comparison is that correct ?
In other words the salt and iv should remain the same if one was to compare an entered Logon ID and and encrypted one. Is that right ?
Basically it is
ID INT autoincrement
LOGON string encrypted
PASSWORD string encrypted.
it all saves great.
Then when a user goes to login with their ID and password I go to create an SQL statement to retrieve their record using the login id and password they entered in a where clause.
So I take the login and password they entered and encrypt them using the same password key in your example and the encrypted version is different and I cannot authenticate them.
Eg.
So lets say I create a login GOD
it encrypts to WRZ67F using encryption password ABCDEF012345
and saved great to the database.
Then a user tries to login again as GOD
using the same encryption password ABCDEF012345
it encrypts to something totally different to WRZ67F .
So obviously my where clause is not going to authenticate.
I am using your code in the example you gave me.
I know how to use the encrypted field in a where clause but the encryption is always different with the exact same key used in your demo of encryption.
Anyone have any Ideas how to get the same encrypted value using the same key ?
Is it the fact the Salt and IV is randomly generated each time, but is preprended to encrypted cipher text so that the same Salt and IV values can be used when decrypting. That means nothing can be encrypted the same for database comparison is that correct ?
In other words the salt and iv should remain the same if one was to compare an entered Logon ID and and encrypted one. Is that right ?
