|
-
Jan 7th, 2001, 09:52 PM
#1
-
Jan 7th, 2001, 10:12 PM
#2
Frenzied Member
Blow fish is a very good encryption scheme and its not crackable reallistically (of course, if the US intelligence decides to break it, it won't take them long). It may or may not suite your needs in terms of its speed to safety ratio. BlowFish leans towards the safety side. im not sure about its price, though.
-
Jan 7th, 2001, 11:27 PM
#3
Frenzied Member
Why ask us?
If you want reliable opinions, search the web or hunt for literature. These has been a lot published on this subject.
There are some of us here who have knowledge of this subject, but I would be surprised to find any real experts here.
It would make sense to decide what you really want to do before deciding on the encryption scheme.- Are you encrypting your own files, intending to decrypt them yourself? In this case, there is no "downstream loading" to consider.
- Do you expect your utility to be used by an individual who wants to encrypt his own files? Once again, there is no downstream loading problem.
- Are you intending the encryption to be done by a "sender" and the decryption to be done by a "recipient," different from the sender?
- Will the sender be encrypting files for more than one recipient? Do you want recipient A to be able to decrypt files sent to recipients B, C, and D? Do you want each recipient to be able to decrypt only the files sent to him?
- Do you want to comply with govermnment regulations relating to encryption?
- Are the computers doing the encryption secure? Must you worry about a cracker having access to a recipients's computer?
- Are you encrypting simple text? Are you encrypting Bit maps, giff files, Word Processing documents?
- Are the recipients of your messages next door neighbors? Are they in another country? Do you ever meet them in person?
- Is it possible for a cracker to guess any of the content of your messages? Might he be able to guess the general format?
Given the answers to the above, how uncrackable do you want your files to be?
One size is not likely to fit all of the above situations. If "downstream loading" is a potential problem, perhaps a public key system might be the way to go. Otherwise, it is likely to be a pain, and simple "Xor encryption" might be worthwhile.
If a few other safeguards are used (for example some shuffling algorithms), Xor encryption with a long key is almost impossible (if not impossible) to crack. With long keys that change regularly, Xor encryption is not crackable at all without special information about the content of the messages.
I think that encryption using computers can be made absolutely safe if the computers doing the encryption are secure. Prior to computers, it was impractical to use uncrackable methods. After all, what good does encryption do if it takes weeks or months to encrypt a message and weeks or months to decrypt it?
Live long & prosper.
The Dinosaur from prehistoric era prior to computers.
Eschew obfuscation!
If a billion people believe a foolish idea, it is still a foolish idea!
VB.net 2010 Express
64Bit & 32Bit Windows 7 & Windows XP. I run 4 operating systems on a single PC.
-
Jan 11th, 2001, 07:20 PM
#4
Hi Guys,
Thanks for the reply.
Guv,
The reason i am asking u guys that many people here may have written such programs. And i am planning to write this app in VB so i need to know if the Encrytion Algorithm can be implemented in VB.
Here are the answers to your questions.
- The utility is for everyone not just for myself.
- Again the utility is for everyone not just for myself.
- The encrypted files will be mainly decrypted by the same person but not always.
- No, Anyone with the password (the one used to encrypt) should be able to decrypt the files.
- Yes, I want to comply with the government regulation (UK)
- I don’t know the end users security level on their pc. But I want the encrypted files to be pretty safe so even if crackers have access to the file they shouldn’t be able to crack it easily.
- The Utility will encrypt any types of file not just plain text.
- As i said before it’s a general purpose encryption/decryption utility, so they be used to encrypt personal files or transfer encrypted files over the net. So in both cases it should be fairly safe.
- As this app will encrypt all types of file I am not aware of the file format.
Is it realistic to have two algorithm one which is relatively safe but Fast and another one Very secure but slow. I just want the user to give the option.
Again i really appricate your help.
Thanks
[VBF RSS Feed]
There is a great war coming. Are you sure you are on the right side? Atleast I have chosen a side.
If I have been helpful, Please Rate my Post. Thanks.
This post was powered by : 
-
Jan 11th, 2001, 08:22 PM
#5
Frenzied Member
Some thots.
Most of the following was posted to another thread. Xor encryption should be sufficient for your purposes. A good program could be written to fit on a Diskette, but VB might not produce compact enough code. I mention putting the code on a Diskette as a security measure.
A previous post gave excellent definitions of the logical operations, but it is not obvious how to use them for encrypt/decrypt. The Xor operation provides quite powerful encryption, and is easy to code.
The following will give you a clue. I am pretty sure I did not make a typo in the code, but it was made up without running it for verification. The concepts are correct.
Code:
Option Explicit
Public Mask as Long
Dim EncryptedValue as Long
Dim ClearValue as Long
'At the heart of the encrypt/decrypt code,
'you can use the same function.
EncryptedValue = NewValue(ClearValue) ‘Encrypt ClearValue
ClearValue = NewValue(EncryptedValue) ‘Decrypt, restoring ClearValue
Public Function NewValue(OldValue As Long) As Long
NewValue = OldValue Xor Mask
End Function
The above pieces of code work because the Xor Operation undoes itself when repeated. The following code shows valid Identities.
Code:
Value = Value Xor Mask Xor Mask
Value = Mask Xor Value Xor Mask
The general idea is to choose a "Mask" say 128 bits long (4 Longs, 8 Integers, 16 Bytes). The longer the Mask, the harder it will be to crack the code without knowing the Mask.
Then convert text into binary data: Longs, Integers, Bytes. Divide into chunks as long as the Mask, padding the last part with random garbage (not zeros or blanks). Xor the binary data with the Mask. To decrypt, Xor encrypted data using the same Mask, and convert result to Text.
The easiest text to binary conversion is to use the ASCII equivalent of each character. You pad with garbage because padding with a fixed character makes it easier for a hacker to figure out the last few bytes of your Mask. A human can ignore a few garbage characters at the end of a message. If it is important to strip garbage when decrypting, the encryption code can always encrypt a single digit at the end of the message which specifys the number of characters of garbage to be eliminated (If last decrypted byte is not a digit, there is no garbage). The decryption code can analyze the last decrypted character and act accordingly.
Some further suggestions.- For many purposes, you can eliminate the text to binary conversion by reading the text file as chunks of binary data, and doing the encryption directly on the data read from the file.
- If you are encrypting standard files, like MicroSoft Word or WordPerfect files, you should include a "shuffling algorithm" as part of your encrypt/decrypt. A clever hacker who guesses the type of files being encrypted can use his knowledge of the preface to such files as an aid to hacking your encryption.
- If encrypting many types of files, you might have to include the type of file (".doc", ".wpd", ".txt" et cetera} as part of the encrypted data, allowing the decryption process to figure out what to do with the decrypted file.
- Avoid having the same data in the same position of the encrypted data. Example: For Word files, ".doc" should not appear in the same place every time. It should be embedded in a random spot with a search key, allowing the decryption code to find and remove it.
- Using a "shuffling algorithm" makes it much tougher for a code cracker. Say you are using a 512 bit Mask (64 bytes). Before encrypting, pad with random garbage so that the length of the clear data is evenly divisible by both 64 and (say) 27 (9 or 5 would tend to require less padding). Encrypt. Then use your "Shuffling algorithm" to rearrange 27 bytes chunks. When decrypting, un-shuffle first and then decrypt. See above for suggestions on encoding amount of garbage when encrypting and stripping it during decryption..
Live long & prosper.
The Dinosaur from prehistoric era prior to computers.
Eschew obfuscation!
If a billion people believe a foolish idea, it is still a foolish idea!
VB.net 2010 Express
64Bit & 32Bit Windows 7 & Windows XP. I run 4 operating systems on a single PC.
-
Jan 15th, 2001, 08:04 PM
#6
Hi,
Thanks for your replies. Can you guys tell me if i can implement any of the following theree Encryption Algorithm in VB.
1. DES
2. PGP
3. BlowFish
Please note that i dont want to encrypt just plain text, i want to be able to encrypt/decrypt any types of file.
And i would still like to know which one of the avobe algorithm is best/safest/fastest.
Thanks again
[Edited by Danial on 01-15-2001 at 08:08 PM]
[VBF RSS Feed]
There is a great war coming. Are you sure you are on the right side? Atleast I have chosen a side.
If I have been helpful, Please Rate my Post. Thanks.
This post was powered by : 
-
Jan 16th, 2001, 08:31 AM
#7
Junior Member
Hi!
1. I'm pretty sure ypu can implement just about any cryptygraphic algorithm in VB, it's really all about getting the math and logic right.
2. I'm not sure PGP is actually considered an algorithm. The actual algorithm used in PGP is normally IDEA.
3. "Plain text" is commonly used to represent no encrypted or decrypted data not readable characters. Also, a file wich contains text (ASCII) is in fact also a binary file. it can be read in chunks of say 128 bits and encrypted. When decrypted the file still contain the same binary structure, allowing to be read 1 byte at a time.
4. The DES algorithm has been used since the 70's and was the first public algorithm to be reviewed by the NSA, this might tell you something of its cryptographic quality.
Generally there's a lot of questions to be asked and answered before choosing an algorithm, for example:
Q: Who is the enemy?
If it's the intelligence community then the cryptographic strength must be of world class, also you must consider protecting the plain text from being stolen by government agents while on holiday.
Q: How much can it cost?
Good algorithms and a review of your app will cost you some bucks.
There are a lot more questions and a lot more to be said on the algorithms. Personally i don't have the skill to tell the quality of them, only what others have told me.
regards
Jeppe
-
Jan 16th, 2001, 09:19 AM
#8
Fanatic Member
-
Jan 16th, 2001, 09:32 AM
#9
Junior Member
faisalkm wrote
-
I'm not sure...What about using Microsoft's Crypto API which uses some Hashing Algoritham?
-
I'm not sure for what purpose you want use it(except making digests of data)?
Regards
Jeppe
-
May 31st, 2003, 07:51 AM
#10
Registered User
Oriental languages packages and Blow Fish
Sorry to bring this up again, but I seem to have a pretty serious problem with Blow Fish.
On a freshly installed XP mahine when I encrypt this string:
gvb\#\vbcvb\#\vxcbcv\#\nvbnvmn\#\vbmvbm\#\vbczv\#\vbcxv\#\xcvb\#\cvbnczv*USER_PSWD:qaz_qazwsxedc*LIC :5*LOCAL_HOSTNAME:msixpwinxpfr*DNGL_SN:827168014
I get :
FA7A06ABC082CAAA62A5DDBC7FBDEB091594F55B8E15F718257F32F8D27E4D8009997DE341432D5F693DE704A93506730FE1 36EEED4992DDD2E55F213BB64D515B760C647561001A417A529EDDB6C4DBEAEF6E435B159F7ED65D4BD1B538DB7BC74DC7B6 A3BBCCE942833D8BBC804B7E6CA59DC92650A26A2DF3F757AB06C4048483ECE6A583AD9B25710016DC8922DA120AA0895A5F 6520
Then when I decrypt it using a different machine I do get by original string.
Now, when I install the oriental languages (Arabic in this case), and run the same encrypted string on my 2nd machine I get:
Š„Ø•Ê ½:}ý@TK6¡«PÁ¬´œw÷ÅÌù{._¤©h%÷˜/ñ\'!_ž¼†—©`Íï7×¶{Äw&ÊTHãnò±7äFh±ì&6Ç„)tõÁv¤î¶Ú_—J‚Ë(lŸµsï� �'jéž ³p¦€0#õ²<8³0C\¶3…éÄSS=`Ö´Ùǽ“9Ùt
Does anyone know why I get this and what in Windows or Blow Fish causes this rather critical problem??
I need to be able to encrypt on one pc and decrypt on another as the information contains licencing stuff for a piece of software.
Any help would be appreciated. Thanks.
-
May 31st, 2003, 07:52 AM
#11
Registered User
The oriental languages are installed on the first machine, where the clear text bit is encrypted and then decrypted on a second 'normal' machine.
-
Jun 30th, 2003, 02:51 PM
#12
Registered User
-
Jul 1st, 2003, 10:28 PM
#13
Lively Member
ok first of all..jeppe.. is the IDEA algorith hackable b/c from wehat ive heard its not and i have pgp and havent found a problem with it.. also.. if anyone wants PGP for free just let me know.. i got acopy
-
Jul 2nd, 2003, 01:52 AM
#14
Registered User
Yes, send me a copy. Thanks. [email protected].
Thanks.
-
Jul 2nd, 2003, 04:05 AM
#15
Frenzied Member
I like RCA
-
Jul 2nd, 2003, 04:06 AM
#16
Registered User
What do u think of capicom?
Easy enough to implement. But are there any issues with it?
-
Jul 2nd, 2003, 04:23 AM
#17
Retired VBF Adm1nistrator
RSA RSA RSA
Microsoft MVP : Visual Developer - Visual Basic [2004-2005]
-
Jul 2nd, 2003, 04:27 AM
#18
Registered User
Where can I get code and examples?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|