0

I Have gone through several approaches on stack overflow but none works now.

Encrypting a text field value which is the password and saving it in the database is the requirement.

I need the approach of converting the plain text into encrypted

I have tried

https://wiki.qt.io/Simple_encryption_with_SimpleCrypt

it gives different encryptions for same text so I can not compare and validate

Planner
  • 11
  • 4

1 Answers1

2

Simplecrypt you linked to has this piece of code in it:

//prepend a random char to the string
char randomChar = char(qrand() & 0xFF);
ba = randomChar + integrityProtection + ba;

What this means is, any piece of data can result in 256 different possible encrypted datas. This is useful in encryption, where you (among many other things) don't want an attacker to be able to see if two separate encrypted pieces of data are actually same data or not.

If you want to use SimpleCrypt, you have to compare the passwords after decrypting. You could also modify the algorithm to have a known (given by you) randomChar. But I advise against it, as that is going to extra effort to do something poorly.

You should really use something else, for example QCryptographicHash. Just remember to use salt when hashing the password (this prevents an attacker from seeing if some passwords in the database are the same).

hyde
  • 55,609
  • 19
  • 114
  • 170
  • Thank you for the descriptive answer. Can you please explain the implementation of QCryptographicHash. I am new to Qt – Planner Jan 13 '22 at 19:03
  • First you may want to check this: https://stackoverflow.com/q/1054022/1717300 – hyde Jan 13 '22 at 19:25
  • Then you should probably try using QCryptographicHash, and if you run into issues, ask a new, specific question, preferably including the code you are having problems with. – hyde Jan 13 '22 at 19:26