MD5 and TripleDES encryption in .NET

The .NET Framework provides classes for MD5 hashing and TripleDES encryption, both of which, when used together with a good enough key, form a good cryptographic system for your application. There are a lot of scenarios one can think of where encryption can be put to good use in both Desktop and Web applications. The following code snippet provides functions for encryption and decryption using MD5 and TripleDES.

What you need to include in the usings list is System.Security.Cryptography and System.Text and you are good to go. Making the functions static is just one of the best practices.

public class Utils
{
    public static string Encrypt(string toEncrypt, string key, bool useHashing)
    {
        // Convert both strings to byte arrays - you can use encoding other than UTF8
        byte[] keyArray = UTF8Encoding.UTF8.GetBytes(key);
        byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);
 
        if (useHashing)
        {
            // Hash the key
            MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
            keyArray = hashmd5.ComputeHash(keyArray);
            hashmd5.Clear();
        }
 
        TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider
        {
            Key = keyArray,
            // The following line is controversial - follow the link below the snippet
            Mode = CipherMode.ECB,
            Padding = PaddingMode.PKCS7
        };
 
        ICryptoTransform cTransform = tdes.CreateEncryptor();
        // Transform and store in resultArray
        byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
        tdes.Clear();
 
        return Convert.ToBase64String(resultArray, 0, resultArray.Length);
    }
 
    public static string Decrypt(string toDecrypt, string key, bool useHashing)
    {
        byte[] keyArray = UTF8Encoding.UTF8.GetBytes(key);
        byte[] toDecryptArray = Convert.FromBase64String(toDecrypt);
        if (useHashing)
        {
            MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
            keyArray = hashmd5.ComputeHash(keyArray);
            hashmd5.Clear();
        }
 
        TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider
        {
            Key = keyArray,
            Mode = CipherMode.ECB,
            Padding = PaddingMode.PKCS7
        };
        ICryptoTransform cTransform = tdes.CreateDecryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(toDecryptArray, 0, toDecryptArray.Length);
        tdes.Clear();
        return UTF8Encoding.UTF8.GetString(resultArray);
    }
}

FYI, here is the controversy.
As you can see, both functions are quite similar except for precisely 2 lines. The Clear() function on both occasions are required because MD5CryptoServiceProvider and TripleDESCryptoServiceProvider classes are "managed wrappers around unmanaged resources". Putting the Encrypt and Decrypt functions to use in your application would look like this:

string encrypted = Utils.Encrypt("Password", "Key", true);
string original = Utils.Decrypt(encrypted, "Key", true);

Just make sure that you use the same key in both the lines, wherever the lines may be (they may be in two different applications referencing a common dll containing these functions) and the same hashing parameter as well. Happy encryption!