Skip to main content

All your base-64 do not belong to prying eyes

Posted by evanx on March 12, 2007 at 11:06 AM PDT

I was just reading a nice tip by Peter Bromberg, in his blog entry Simple XOR Encryption.

In Password Hash we used the following delegating class for base-64 encoding.

public class Base64 {    

    public static String encode(byte[] bytes) {
        return new sun.misc.BASE64Encoder().encode(bytes);
    }
   
    public static byte[] decode(String string) {      
        try {
            return new sun.misc.BASE64Decoder().decodeBuffer(string);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
}

As an alternative to the XOR'ing approach, we could use this encoding as "encryption" against prying eyes if nothing else, as follows.

    public static void main(String[] args) {
        String parameters = "username=evanx;password=mypassword";
        String encryptedParameters = Base64.encode(parameters);
        System.out.println(encryptedParameters);
        parameters = new String(Base64.decode(encryptedParameters));
        System.out.println(parameters);
    }

which outputs the following

dXNlcm5hbWU9ZXZhbng7cGFzc3dvcmQ9bXlwYXNzd29yZA==
username=evanx;password=mypassword

Developers 1, Managers 0 ;)

Update: this is not encryption, just obfuscation! See my Encryptic follow up.