Encryption/Decryption is now working

Encryption/Decryption is now working! You can see how it works here:

public static string Encrypt( string target )
{
byte[] ptextBytes = Encoding.ASCII.GetBytes( target);
byte[] ctextBytes = ProtectedData.Protect( ptextBytes, entropy,
SCOPE );
char[] chars = new char[1024];
Convert.ToBase64CharArray( ctextBytes, 0,
ctextBytes.GetLength(0), chars, 0 );
return ToString( chars );
}

public static string Decrypt( string target )
{
byte[] ctextBytes = Convert.FromBase64String( target );
byte[] ptextBytes = ProtectedData.Unprotect( ctextBytes, entropy,
SCOPE );
return Encoding.ASCII.GetString( ptextBytes );
}

private static string ToString( char[] chars )
{
StringBuilder sb = new StringBuilder();
foreach ( char c in chars )
if( c != (char) 0 )
sb.Append( c );

return sb.ToString();
}

entropy is defined as:

private static byte[] entropy = new byte[] { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; // not the real values used for obvious reasons!

SCOPE is defined as:

private const DataProtectionScope SCOPE = DataProtectionScope.LocalMachine; // this will be using the web servers encryption key.

The 'trick' to getting this code working was to only copy the non-zero characters from the chars array.

Working on Encryption/Decryption for the site

I already have a better hash working for passwords on the site that use a unique salt value and repeat the hash 10,000 times:

public static byte[] Encode( string password, out byte[] salt )
{
Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes( password,
32, 10000 );
salt = rdb.Salt;
return rdb.GetBytes( 256 );
}

public static bool ValidatePassword( string password,
byte[] storedSalt,
byte[] encPassword )
{
Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes( password,
storedSalt,
10000 );
byte[] passwordEnc = rdb.GetBytes( 256 );
return Equals( encPassword, passwordEnc );
}

At the moment, I'm having some difficulty getting a Base64 string in the correct format, but once I get that issue solved (over the next two or three days), I'll post those two methods here just like I did for the two that are working as designed.

Okay, the Password generator is done.

This is how it works:

Step 1) You enter a master password (with this password you will always get the same 26x26 matrix.
Step 2) Follow the directions on the Cypher page.

The master password: mycustompassword will always result in this matrix and
the master password: MYCUSTOMPASSWORD will always result in this matrix too.

This is because the letters are reduced to their index from 'A', 'a' or ' '.

x p m w c b f j k g l r z e u n a s i y o q v d h t
e v b d q r l h w y t j o a n i m c s k u p f g z x
q l z g m f c x i j w v t s a d r k h y b p n o e u
l u t b m w p f q v g a c y o d i r n x z e s h j k
y m t j p e o q g b a c h s u x l f z v n k d w r i
w e n f g y u v a m x k j l p i q c o z s d r b t h
h l g i m c e o f w k a j d z v p s b q t y n u x r
f h j r i t p x l u c d z n s o m b a e y w v q k g
m l q e b v h y o f w s j k c z u t a g p n r i x d
z i o v q p h r n x y c b a w d f j k t g u s e m l
l v i r c m u n x k b y q j p e a d z h t g f s o w
v m s d q y n a p b f j g h u w k e z i l c o t x r
d v f r m n t b g o c y l e j q i k x h u w z s p a
e p d y l f o s g u n q t a z k h v b j m r x c w i
r x m c l t e f k n i q j y a w p z s o v u b d h g
t o g z l q h d b w n v m p y e a x k j f c u i r s
u t h r x b q e y a j l z c s m n d v g w k p i o f
m t v f w u r g h b j l q d p y c o a s x k n i z e
y u z v b d f r k o t c l i a w p m q e x s n j g h
t u o f w p m s v b q i n r a l y d k h z c e x j g
y m o s f r h b u x d n c i e g t j z a q l w p v k
j s u o h w v d l b p f r t e n k y x z g m a c i q
v n l e x h p r o j y m s b z g w t k f q d c u a i
d k h y f e l u c m x t z j q i r p g a v s o b n w
u p t h m a d o q b w r j c n z y v s e i k x g f l
z l j r q d t v c u k h f o x b n e s p m a i g w y

The first step in using this: is to find the first letter in your domain name (like: my-msi.net) scanning from left to right (just omit the non-letters).

Keep doing this from the spot you left off on for each successive letter of the domain name.

Rember the spot you ended up at: This is your starting place for the encryption process.

Now the encryption can begin:

To encrypt we will once again find the first letter in the domain name (like: my-msi.net), but this time we will right down the next two letters.

Then we will find the next letter in the domain name, but this time we will write down the next two letters above that point.

Then we will find the next letter in the domain name, but this time we will write down the next two letters to the left of that point.

Then we will find the next letter in the domain name, but this time we well write down the next two letters below that point.

Repeat, rotating the direction you take the next two letters from going counter-clockwise.

And that's it. Print this page and you'll have an off-line encryption method that is unique to you. Because nobody will have the same 26x26 matrix without your Master Password.

A HttpModule wasn't required after all...

A HttpModule wasn't required after all...

All that was needed was one fuction (method) and a simple if statement:

    private bool CheckHeaders( string forThis )
    {
      bool found = false;
      foreach ( string s in Request.Headers )
        if ( s.Contains( forThis ) )
        {
          found = true;
          break;
        }
 
      return found;
    }
 
    public ActionResult Index( string memberName )
    {
      if ( Request.Browser.IsMobileDevice || CheckHeaders( "iPhone" ) )
        return Redirect( string.Format( "~/Mobile/Index/{1}", memberName ) );
      
      // rest of this mehtod isn't being shown. 
      }