Unfortunately, I have some code that does this:
byte[] plainText = System.Text.Encoding.ASCII.GetBytes(ClearText);
var btcipherText = enc.Encrypt(plainText, btkey);
System.Text.Encoding en = System.Text.Encoding.Default;
return en.GetString(btcipherText);
Which is then saved to the database as a user’s password.
In mono, on Ubuntu 12.04, System.Text.Encoding.Default is System.Text.Encoding.UTF8, while on Windows 7, it seems to be System.Text.SBCSCodePageEncoding.
The password encryption/decryption code should never have been using System.Text.Encoding.Default, but this is inherited code. Looking in System.Text.Encoding, and having googled my problem extensively, I am unable to determine how I might decode this string with a standard encoding, and in this case on a Mono/Linux stack that lacks the original encoding.
I’ve also strangely not been able to find much information on System.Text.SBCSCodePageEncoding
When I try to decrypt a string stored with this encoding, I get the usual “Bad data” and “Invalid block size” Cryptographic exceptions.
Any information or suggestions are appreciated.
Building on the other answer, given that you know which limited set of encodings are used to convert the byte[] to a string, build a utility (or build it into the app so that passwords are upgraded as they are used) that read and decodes the password back to a valid byte[] then store the byte[] as Base64 in the database.
I see your also considering hashing the passwords, in this case and almost any other case if your dealing with a byte[] that doesn’t actually represent text, that you need to store/display as characters then base64 is always a good option.
If you decide to hash the passwords make sure you use a HMAC style hashing system rather than just a plain password + salt, or even better grab a bcrypt implementation for .net.
http://derekslager.com/blog/posts/2007/10/bcrypt-dotnet-strong-password-hashing-for-dotnet-and-mono.ashx