Limit characters used in encryption

I have a very simple encryption class using tripleDES to encrypt a query string for a specific page on my site. I do this to prevent the user page from being scraped sequentially based on our database identifiers.

Anyway, I used this encryption method

However, it includes %3d and some other special characters that should not be in the query line and are rejected by Url Scan for security purposes. In the actual encrypted string, = is created. I don't want to change the URL check, but I was wondering if there is an encryption character limit for tripleDES crypto provider or something else. I know almost nothing about encryption, and I'm really just messing up the query string, so I'm open to other options regarding my encryption of the query string.

+4
2 answers

The methods used use Base64 encoding to convert an encrypted byte array, which can have all kinds of "non-printable" bytes in it, into a form that will contain only A-Z, a-z, 0-9, +, / and =.

However, these last 3 are not suitable for URLs.

You can do a simple String.Replace on the Base64 string, replacing these characters with URL-safe characters, for example "+" => "-", "/" => "_" and "=" => ".". You can even completely remove the = from the end, as they are only padding characters. (Performing the first two substitutions and dropping the = is proposed by RFC 3548.)

Then just reverse this replacement when you want to decrypt the string. If you completely discard the =, add = until the string length is a multiple of 4.

+9
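The substitution described in the answer above, as an added C# example that is not part of the original post. The class and method names are hypothetical, and the sample bytes are constructed to stand in for the TripleDES output. Decoding rejects any token that is not valid URL-safe Base64, so a tampered or truncated query-string value fails before it reaches the decryption step.

```csharp
using System;

public static class UrlSafeBase64
{
    // Encode: standard Base64, then drop '=' padding, '+' -> '-', '/' -> '_'.
    public static string Encode(byte[] data)
    {
        return Convert.ToBase64String(data)
            .TrimEnd('=')
            .Replace('+', '-')
            .Replace('/', '_');
    }

    // Decode: accept only the URL-safe alphabet, reverse the substitutions,
    // then re-add '=' until the length is a multiple of 4.
    public static bool TryDecode(string token, out byte[] data)
    {
        data = null;
        if (string.IsNullOrEmpty(token)) return false;
        foreach (char c in token)
        {
            bool ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
                   || (c >= '0' && c <= '9') || c == '-' || c == '_';
            if (!ok) return false;
        }
        // A length of 4n+1 can never be produced by Base64 encoding.
        if (token.Length % 4 == 1) return false;

        string b64 = token.Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        try { data = Convert.FromBase64String(b64); return true; }
        catch (FormatException) { return false; }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed bytes standing in for ciphertext; chosen so that the
        // standard Base64 form contains '+', '/' and '='.
        byte[] cipherText = { 0xFB, 0xEF, 0xFF, 0x3E };
        string token = UrlSafeBase64.Encode(cipherText);
        Console.WriteLine(Convert.ToBase64String(cipherText) + " -> " + token);

        byte[] back;
        Console.WriteLine(UrlSafeBase64.TryDecode(token, out back));   // round trip
        Console.WriteLine(UrlSafeBase64.TryDecode("--__P", out back)); // truncated token
    }
}
```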

You should not bother with cryptography if you do not know what you are doing (and even if you do). Instead, use the crypto as is and UrlEncode the result.

+3

Source: https://habr.com/ru/post/1435062/