VB.net function to convert text to something confusing

Murray Brown
Murray Brown used Ask the Experts™
on
Hi

In my VB.net windows forms project I want to write text files with names that the user won't now.
So I want to use a function to convert a string to a confusing name and then another function
to convert the function back to the original string
I am hoping someone has done this before and can give me some example VB.net code.

Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
ste5anSenior Developer
Commented:
hmm, I never had an use-case for such an approach. Cause it's just obfuscation, thus you don't gain nothing from it.

The only thing, which makes sense in this context:
Assign an arbitrary name derived from a random or hash (SHA) and use a lookup table (database) in your program to resolve it.

Otherwise use a simple or trivial cipher like ROT-13, Base64 or Caesar. But keep in mind, that using real ciphers may result in longer file names. Depending on the path this can lead to too long path arguments for some applications.
Éric MoreauSenior .Net Consultant
Top Expert 2016

Commented:
Chief Technology Ninja
Distinguished Expert 2018
Commented:
Hi Murray,

Kindly describe what is the business requirement behind this.

PS: Do not use TripleDES as it is considered weak algorithm: https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.tripledes?view=netframework-4.7.2. If you decide to go that route, please use AES:https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.aes?view=netframework-4.7.2

Regards
Chinmay.
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

Éric MoreauSenior .Net Consultant
Top Expert 2016
Commented:
Chinmay, if the purpose is only to scramble the text, TripleDES is fine. If the purpose is to store sensitive information, I agree, a more robust solution would be to consider.
Chinmay PatelChief Technology Ninja
Distinguished Expert 2018
Commented:
Hi Eric,

3DES is not recommended for anything today - even for scrambling I would strongly suggest using a hashing algorithm(and maintain the list in memory with original names and their hashes) which are better than 3DES. My concern is to flag an algorithm which was considered weak from its inception, that is all.

Regards,
Chinmay.
Murray BrownHead Developer

Author

Commented:
Thank you all

Commented:
I know this is closed, but I would suggest just using a simple substitution cipher (e.g. "X" = "Z", "B" = "N", etc...). The issue with other encryption ciphers is that they will usually produce binary data which cannot be represented using standard, filesystem-compatible characters. For example, let's say that after encryption, the original filename has some bytes that are 0x10 or 0x13, which are line break/carriage feed characters. You would be unable to use those characters in the filename unless you encoded it with something like Base64 (and even then, you'd have to substitute a couple of characters, since Base64 also has a few filesystem-incompatible characters, and also increases the length of the filename itself by around 33%).

So with encryption/encoding, you end up doing a lot more work.

As someone else mentioned earlier, you could use a SHA-1 hash, but that requires a lookup table of some kind in order to convert it back to the original value, and that table would have to be stored somewhere and be accessible to the code (and thus accessible to the end user), so the lookup table itself could be used to easily decipher an original filename.

A substitution cipher is quick to implement and fast and doesn't require any extra encoding, and it's fast to decipher, too. The only catch to it is that if a user were really determined, they could eventually figure it out. But it's nearly impossible to prevent a determined user from determining the technique - especially on a .NET application that can very easily be disassembled back into readable source code.

So ultimately, if it's important that it be difficult for even determined users to decipher, then you would probably need to use multiple ciphers and use a non-.NET language, like C or C++ - something that can be compiled and is not decompiled quite as easily as a .NET app.

Commented:
Also, if you want an example of a simple substitution cipher:

Subby.vb
Public Class Subby

    Private MapFrom As String
    Private MapTo As String

    Public Sub New()
        MapFrom = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
        MapTo = "VqSR0Ao4gw52bGCZXlaIHtxD9cP1mfipeEMzWkvFuhyJ3UnjTsrK7LdN6YB8OQ"
    End Sub

    Public Function Encode(ByRef CurrentString As String) As String
        Return Swap(CurrentString, MapFrom, MapTo)
    End Function

    Public Function Decode(ByRef CurrentString As String) As String
        Return Swap(CurrentString, MapTo, MapFrom)
    End Function

    Private Function Swap(ByRef CurrentString As String, ByRef _MapFrom As String, ByRef _MapTo As String) As String

        Dim sb As New System.Text.StringBuilder(CurrentString.Length)
        Dim pos As Integer

        For Each c As Char In CurrentString
            pos = _MapFrom.IndexOf(c)
            If (pos >= 0) Then
                sb.Append(_MapTo(pos))
            Else
                sb.Append(c)
            End If
        Next

        Return sb.ToString()

    End Function

End Class

Open in new window


Usage:
        Dim subby As New Subby
        Dim encoded As String = subby.Encode("Hello World.txt")
        Dim decoded As String = subby.Decode(encoded)
        Console.WriteLine(encoded) // "4ikku xuJkf.UsU"
        Console.WriteLine(decoded) // "Hello World.txt"

Open in new window

Murray BrownHead Developer

Author

Commented:
thanks gr8gonzo. That is very helpful

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial