3

I have a program that, using AES symmetric encryption, can encrypt any given plain text and returns the encrypted value as an array of bytes. This encrypted password is then stored in a database (as a varbinary type) to be later retrieved by the project and decrypted. The program works fine, but while I was building it using MSDN's example as a base, I came across several other examples that, after getting the encrypted value, would return it as a Base64 string, like this:

return Convert.ToBase64String(encrypted);

And store that string in the database. Likewise, when decrypting the password it received a Base64 as a parameter and turned it back to its byte array representation before continuing with the process.

byte[] cipherTextAsBytes = Convert.FromBase64String(cipherText);

My question is, why should I use this approach when managing my passwords? The way I see it, it just serves to add a couple more lines in my code that could have been omitted without problem (unless this step adds another layer to delay a brute-force cryptographic attack?). Is it a matter of memory in the database (as in, would a varbinary value consume more storage space than its string counterpart?), a matter of performance speed in the code, to make it easier for debugging while comparing values, or just an aesthetic preference?

Ana Ameer

2 Answers

4

By default your encrypted password is a random string of bits which you would need to store as a binary blob in the database. Encoding those bits as Base64 represents those bits as a subset of ASCII text, and allows you to store as a varchar or any other textual data representation.

Wikipedia:

Base64 encoding schemes are commonly used when there is a need to encode binary data that needs to be stored and transferred over media that are designed to deal with textual data.

You can now also pass your encrypted text through text serialization methods such as JSON etc. Usually it's much easier to work with text rather than binary. Note that Base64 increases the size by 33%, so it's slightly less efficient in terms of storage efficiency, however in most cases this is a very acceptable trade-off.

Martin Konecny
  • So gathering from both answers, even though it works fine for the project right now, should the need arise for the passwords to be handled by JSON methods, for instance, it would be better to prevent any future problems and implement this from the get-go? – Ana Ameer May 28 '14 at 18:38
  • 1
    Read here for a related question: http://stackoverflow.com/questions/8210293/binary-data-in-database-blob-vs-compressed-base64 You can store in binary or base64. Binary may be preferable when storing to database, and base64 is preferable when transferring data (for example through JSON). – Martin Konecny May 28 '14 at 18:45
  • Thanks for the link; I'm definitely keeping my original approach then. – Ana Ameer May 28 '14 at 18:47
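
The trade-off discussed in the answer and comments above, as an added example that is not code from the question or from either answer: it encrypts one value, compares the varbinary size with the Base64 size, shows that Base64 decodes without any key, and carries the ciphertext through JSON. The class name, the sample plaintext, the random key and the IV-prefixed blob layout are assumptions made for the demonstration; it targets .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

class Base64StorageDemo
{
    // AES with Aes.Create() defaults (CBC, PKCS7) and a fresh IV; returns IV || ciphertext.
    static byte[] Encrypt(string plainText, byte[] key)
    {
        using var aes = Aes.Create();
        aes.Key = key;
        aes.GenerateIV();
        byte[] iv = aes.IV;
        byte[] plain = Encoding.UTF8.GetBytes(plainText);
        using var enc = aes.CreateEncryptor();
        byte[] cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
        byte[] blob = new byte[iv.Length + cipher.Length];
        Buffer.BlockCopy(iv, 0, blob, 0, iv.Length);
        Buffer.BlockCopy(cipher, 0, blob, iv.Length, cipher.Length);
        return blob;
    }

    static string Decrypt(byte[] blob, byte[] key)
    {
        using var aes = Aes.Create();
        aes.Key = key;
        aes.IV = blob.AsSpan(0, 16).ToArray();            // first block is the IV
        using var dec = aes.CreateDecryptor();
        return Encoding.UTF8.GetString(dec.TransformFinalBlock(blob, 16, blob.Length - 16));
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);  // constructed demo key
        byte[] blob = Encrypt("constructed sample secret", key);

        // Text path: Base64 is keyless and reversible, 4 characters per 3 bytes.
        string b64 = Convert.ToBase64String(blob);
        byte[] decoded = Convert.FromBase64String(b64);   // no key involved
        Console.WriteLine($"varbinary: {blob.Length} bytes, Base64: {b64.Length} chars");
        Console.WriteLine($"decodes to same bytes: {decoded.AsSpan().SequenceEqual(blob)}");

        // JSON has no binary type; System.Text.Json emits byte[] as a Base64 string.
        string json = JsonSerializer.Serialize(new { secret = blob });
        using var doc = JsonDocument.Parse(json);
        byte[] fromJson = doc.RootElement.GetProperty("secret").GetBytesFromBase64();
        Console.WriteLine($"decrypted after JSON round trip: {Decrypt(fromJson, key)}");
    }
}
```

The Base64 step changes only the representation: the bytes that reach `Decrypt` are identical on both paths, so the encoding adds storage overhead and text compatibility but no resistance to attack.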
3

The Base64 encoding just makes it easier to put in varchar fields or configuration files. It sounds like byte arrays work fine for your use case.

David Crowell