Encryption/Decryption

[nitrolic2]

Can someone explain to me what encryption is (for passwords and stuff) and do i need to encrypt my VB programs?

[jcouture100]

I'll give it a shot...

Encryption is a security feature employed by some applications. It ranges from very simple substitution encryption (ie. A=1, B=2, C=3...) to the very complex algorithms (ie. those used by Blowfish, PGP, DES, etc). The level of encryption you use will depend on how secure you need your application or data to be.

Do you need to encrypt your vb apps? If your trying to keep hackers from stealing your apps then you might want to encrypt various data required by your app, but you really wouldn't encrypt the app itself. You would use various distribution tools to protect your software and things like that are a whole other topic. If you are writing applications that store data that you want to be sure is kept under restricted access, then yes, you should definitely employ an encryption algorithm. Search VB World and VB Square for encryption and security for examples of encryption/decryption.

If you want to start using encryption right away, stop by Kedaman's homepage and download his Keda-crypt routine. (My apologies to Kedaman if I mis-spelled the name).

Hope this helps.

[nitrolic2]

Ok thanks

Oh and what about the 128 bit encryption in other words i dont get the whole bit part (concerning encryption)

[kedaman]

No misspellings this time I've seen a lot of variants of my name, maybe they got like that after encryption, hehe.

Anyway, there's both safe keyencryption and a fast algoritm encryption sample on my homepage. Also I have randomseed encryption featured keyencryption, but it's not on my homepage

Here is a really cheap method of Encryption that I just put together now. What it does is it gets the characters, converts them to Ascii and lowers their Ascii code by 1. (So d=c, c=b, b=a etc). Then the decrypt method just reverses it.

To use it, put these in 2 menus called mnuEncrypt and mnuDecrypt. Also, make sure that you have a TextBox on your Form.

Code:

Private Sub mnuDecrypt_Click()

tmpVar = ""
On Error Resume Next
Me.MousePointer = vbHourglass   ' Change Mouse pointer to hourglass
LengthOf = Len(Text1)           ' Get length of text
For i@ = 1 To LengthOf          ' Loop through each character
    rv = Asc(Mid(Text1, i@, 1)) ' Convert character to Ascii
    rv = rv - 1                 ' Lower the ascii value by 1
    tmpVar = tmpVar & Chr(rv)   ' Convert it back to a character
Next i@
Me.MousePointer = vbDefault     ' Change pointer back to default
Text1.Text = tmpVar             ' Display the text

End Sub

Private Sub mnuEncrypt_Click()

tmpVar = ""
On Error Resume Next
Me.MousePointer = vbHourglass   ' Change Mouse pointer to hourglass
LengthOf = Len(Text1)           ' Get length of text
For i@ = 1 To LengthOf          ' Loop through each character
    rv = Asc(Mid(Text1, i@, 1)) ' Convert character to Ascii
    rv = rv + 1                 ' RAISE the ascii value by 1 (so we are back to normal)
    tmpVar = tmpVar & Chr(rv)   ' Convert it back to a Character
Next i@
Me.MousePointer = vbDefault     ' Change pointer back to default
Text1.Text = tmpVar             ' Display the text

End Sub

[kedaman]

Meg, what are you going to do with the nullstring chr(0)?

As I said, It's a small and cheap encryption that i just put together. But Chr(0) will manually be assigned to 255.

[kedaman]

Nice work Rodik, put a Rnd -1 before Randomize and you have a random seed encryptor!

[ycsim]

are there more secure encryption algo which i can use?????

[HAVocINCARNATE29]

you wanted to know about 128 bit...


128 bit encryption just means that there are 2^128 possible keys (BIG number)

56 bit = 2^56 (big number here too)

2 bit = 2^2 (or 4 possible keys)

3 bit = 2^3 (or 8 possible keys)


etc.



anything over 64 bit is considered very secure.

(and if i'm up-to-date on my laws then you cant export anything over 56 bit encryption overseas)

[kedaman]

128 bit means 16 byte keys.
In other words you just need to encrypt a string xoring it against another 16 byte string. By using my keyencryptor you can encrypt with up to theoretically a varlen string which is 2^31 bytes, that is 17179869184 bit encryption!!

But actually it's meaningless since yo never need to encrypt that large strings. But surely you can encrypt large strings with large keys too.

[dangerousdave]

WOW, good stuff! Interesting Idea.

But I dont get it.

Could it be possible to repost the code and heavily comment so I can tell what is being done in every line please Rodik (or someone else who understands it).

[kedaman]

Code:

Function Crypt(Data As String)
Randomize 12345 'create a random seed
For a = 1 To Len(Data) 'go trough all char in string
b = Asc(Mid$(Text1.Text, a, 1)) 'get ascii value
If a / 2 = Int(a / 2) Then d = 5 Else d = -7 'precryption
c = b Xor (Int(Rnd(0) * 255) + a + d) 'xoring against random char
Crypt = Crypt & Chr$(c)
Next a
End Function

[dangerousdave]

Rnd(0) errr, call me thick, well actually dont, but wouldnt that like generate 0 no matter what?

And whats "Precryption"?

And even if the 'Rnd(0)' did generate a random number, it wouldnt generate the same random number second time round so Xor'ing with b would just encrypt further, obviously I'm wrong, but still, tell me why not anyway!?!??!?

[kedaman]

From vb help:

Code:

Return Values

If number is	Rnd generates
Less than zero	The same number every time, using number as the seed.
Greater than zero	The next random number in the sequence.
Equal to zero	The most recently generated number.
Not supplied	The next random number in the sequence.

Precryption is when you put an extra crypting method before the actual to ensure the method get varied results if you put the same or a string that is like the other.

Originally posted by ycsim
are there more secure encryption algo which i can use?????

Go to planet-source-code.com and look up RC4 Encryption.

Here is the most updated version of it.

http://www.planet-source-code.com/vb...txtCodeId=5375

[kedaman]

RC4 is slow

The new version is now much faster.

[kedaman]

I'll have a look on it

[Gen-X]

To explain it in the most simplest terms....

"encryption" is a method of hiding something in such a way that YOU know how to "unhide" it and THEY can't work out how you did it.

If you try to use repeating patterns (like most of the examples given here) where I put the same letter into the same position and get the same answer... then I can BREAK the encryption by feeding strings into it that I know and using the output to "reverse-engineer" the tequnique you used.

The whole reason 128-bit encryption works so well is NOT because its good... but because it knows it would take forever to actually break the code.

I would suggest instead using some form of randomized positional encryption with a decoding array. This way parts of your encrypted output are actually "indicators" to the source reading it how to decypher the randomization... IN this way you could "encrypt" the same string twice and never have both equal to the same value and STILL maintain encryption.

It can still be broken but it takes people a damn sight longer to work out what you are doing than what is feasible... and if they are able to crack it then they bloody well deserve to get what they want because they are that good

[parksie]

if you only want to do something like passwords checking, as in:

enter password -> encrypt (store encrypted password)

verify password -> encrypt (check stored / new)

You can use MD5 for this, and there is a variety of considerably stronger one-way techniques.

[Kersey]

Safe filetransfer:
write a floppydisk or cd full with random data,copy it for the decoding party and deliver it personally.
Have a pointer to select a random location on the random data.
Encrypt your file with the random data starting at the pointer's position.
Send the pointer and the encrypted file to the receiver which can only decode the message because he has the access point and the same random code.

[steve65]

I had the same problem about a week ago. All of the information I needed was at http://ciphersaber.gurus.com/ and the links contained at the site.

I am by no means an expert but I can copy well.

In brief there a 5 steps that you need to go through to encrypt something.

1. Get you key phrase (password) from the user.
2. Create a key using the password.

What we are doing is getting the ASCII value of the password entered and assigning it to the Key.

3. Create an Initialization Vector (This is not required but is an excepted practice for CipherSaber)

The IV is used to further randomize the Encryption, without it if you enter the same text and passphrase the output text will always be the same. The only drawback is you have to save this randomly generated 10 byte array and then extract it when you want to decrypt the text. I put mine in the same file that I am putting my encrypted text in.

We take the IV and add it to the end of the end of the key.

4. Initialize the state.

The state is a 255 byte array which will be used later to encrypt the text.

We assign the bytes 0 to 255 to the array.

Using the combined key which contains the passphrase and the IV we really mix up the order of the state array.

5. Encrypt or Decrypt you text.

Now using the state you just shuffled this get XOR'd with the plaintext to be encrypted. Now honestly I don't understand how the XOR works but it does. Maybe somebody out there can explain it better.

I am also not sure why the state array is swapped again.

I hope this helps.
Steve




**** Global Variables Used ****

Dim State(0 To 255) As Integer 'S-Box
Dim Key(0 To 255) As Integer
Dim KeyLength As Integer
Dim IV(0 To 9) As Byte

**** Create a key using the password ****

Private Sub InitKey(PassPhrase As String)

' The Key is 256 bytes

Dim i As Integer
Dim j As Integer

j = 0

KeyLength = Len(PassPhrase)

' Initialize the Key array
For i = 0 To KeyLength - 1
j = j + 1
Key(i) = Asc(Mid$(PassPhrase, j, 1))
Next i

End Sub

**** Create an Initialaztion Vector ****

Function CreateIV(FileName As String) As Boolean
' initialization vector combined with the PassPhrase creates the Key

Dim i As Integer
Dim TempBinaryFile As Integer

CreateIV = False

If FileExists(FileName) = True Then Kill (FileName)

TempBinaryFile = FreeFile
Open FileName For Binary As TempBinaryFile

Randomize Timer

For i = 0 To 9
IV(i) = Rnd * 256
Key(KeyLength + i) = IV(i)
Put TempBinaryFile, , IV(i)
Next i
KeyLength = KeyLength + 10

Close TempBinaryFile

CreateIV = True

End Function

**** Read Initialaztion Vector (Only needed during Decryption) ****

Function ReadIV(FileName As String) As Boolean
' initialization vector combined with the PassPhrase creates the Key

Dim i As Integer
Dim TempBinaryFile As Integer

ReadIV = False

TempBinaryFile = FreeFile
Open FileName For Binary As TempBinaryFile

If LOF(TempBinaryFile) < 10 Then Exit Function

For i = 0 To 9
Get TempBinaryFile, , IV(i)
Key(KeyLength + i) = IV(i)
Next i

KeyLength = KeyLength + 10

Close TempBinaryFile

ReadIV = True

End Function

**** Initialize the state ****

Private Sub InitState()

' The State array is subjected to 256 mixing operations using a loop that steps "i" through the values from zero to 255. Each mixing operation consists of two steps:
'
' 1. Add to the variable "j" the contents of the "i"th element of the state array and the "n"th element of the Key array.
'
' 2. Swap the "i"th and "j"th elements of the state array.

Dim TempSwap As Integer
Dim i As Integer
Dim j As Integer

i = 0
j = 0

'INI S-Box

' Initialize the State array
For i = 0 To 255
State(i) = i
Next i

j = 0

For i = 0 To 255
j = (j + State(i) + Key(i Mod KeyLength)) Mod 256

' Swap( State(i),State(j) )
TempSwap = State(i)
State(i) = State(j)
State(j) = TempSwap
Next i
End Sub

**** Encrypt or Decrypt you text ****

Public Function EnDeCrypt(TempString As String) As String
' During the ciphering operation, the following steps are performed for each byte of the message:
'
' 1. The variable i is incremented by one.
'
' 2. The contents of the ith element of the state array is then added to j
'
' 3. The ith and jth elements of the state array are swapped and their contents are added together to form a new value n.
'
' 4. The nth element of the state array is then combined with the message byte, using a bit by bit exclusive-or operation, to form the output byte.
'
' 5. The same ciphering steps are performed for encryption and for decryption.

Dim Counter As Integer
Dim i As Integer
Dim j As Integer
Dim k As Integer
Dim TempSwap As Integer
Dim TempByteArrayOrg() As Byte
Dim TempByteArrayNew() As Byte

EnDeCrypt = ""

i = 0
j = 0

ReDim TempByteArrayOrg(Len(TempString))
ReDim TempByteArrayNew(Len(TempString))

'Convert the plain text to it's equivlant unicode values
TempByteArrayOrg = StrConv(TempString, vbFromUnicode)

' Save the individual bytes of the plain text in CipherString

For Counter = 0 To UBound(TempByteArrayOrg)

' If the plain text is greater than 256 characters then MOD i
i = (i + 1) Mod 256
j = (j + State(i)) Mod 256

' Swap( State(i),State(j) )
TempSwap = State(i)
State(i) = State(j)
State(j) = TempSwap

'Generate Keybyte k
k = State((State(i) + State(j)) Mod 256)

'Plaintextbyte xor Keybyte
TempByteArrayNew(Counter) = TempByteArrayOrg(Counter) Xor k

Next Counter

EnDeCrypt = StrConv(TempByteArrayNew, vbUnicode)

End Function

[HeSaidJoe]

'to encrypt a password (string)...
'
'-----------------------------------------------------------------
'
Public Function Encrypt(Text As String, Password As String)

On Error Resume Next

Dim X As Long
Dim Y As Long
Dim CurChar As Byte
Dim CurChar1 As Byte
Dim CurChar2 As Byte
Dim EncText As String
Dim UnEncText As String
Dim CodeLoop As Integer
Dim Code As Byte
Dim LoopVar As Byte
Dim FirstLetter As Byte

UnEncText = Text & Password

LoopVar = 1
Do While LoopVar <> Len(Password) + 1
CodeLoop = CodeLoop + Asc(Mid(Password, LoopVar, 1))
LoopVar = LoopVar + 1
Loop
Code = Int((CodeLoop / LoopVar / 2)) - 1
FirstLetter = Int(Asc(Mid(Password, 1, 1)) / 2) - 1
X = 0
Y = Len(UnEncText)
Do While X < Y
X = X + 1
CurChar = Asc(Mid(UnEncText, X, 1))
CurChar1 = Int(CurChar / 2) + FirstLetter
CurChar2 = Int(CurChar / 2) + Code

If CurChar1 - FirstLetter + CurChar2 - Code <> CurChar Then CurChar2 = CurChar2 + 1
EncText = Chr(CurChar1) & Chr(CurChar2) & EncText
Loop
Encrypt = EncText
End Function
'
'-----------------------------------------------------------------
'
Public Function Decrypt(Text As String, Password As String)
On Error Resume Next
Dim X As Long
Dim Y As Long
Dim CurChar As Byte
Dim EncText As String
Dim CodeLoop As Integer
Dim Code As Byte
Dim LoopVar As Byte
Dim FirstLetter As Byte
LoopVar = 1
Do While LoopVar <> Len(Password) + 1
CodeLoop = CodeLoop + Asc(Mid(Password, LoopVar, 1))
LoopVar = LoopVar + 1
Loop
Code = Int((CodeLoop / LoopVar / 2)) - 1
FirstLetter = Int(Asc(Mid(Password, 1, 1)) / 2) - 1
X = 0
Y = Len(Text)
Do While X < Y
X = X + 2
CurChar = Asc(Mid(Text, X - 1, 1)) + Asc(Mid(Text, X, 1)) - Code - FirstLetter
EncText = Chr(CurChar) & EncText
Loop
If Len(EncText) = 0 Then
Decrypt = ""
Else
If Len(Password) > Len(EncText) Then
Decrypt = "Wrong password."
Else
If Password = Mid(EncText, Len(EncText) - Len(Password) + 1) Then
Decrypt = Mid(EncText, 1, Len(EncText) - Len(Password))
Else
Decrypt = "Wrong password."
End If
End If
End If
End Function
'
'------------------------------------------------------------------
'
'to encrypt
'
Text1.Text = Encrypt(text1.text, "*.%jl;")
'
'To decrypt is just as easy.
'To decrypt Text1 and put it in Text2, use this:
'
Text1.Text = Decrypt(Text1.Text, "*.%jl;")

'
'========================================================================

'Encrypt/Unencrypt a file
'================================
Option Explicit
'
Private Function EncryptFile(sFile As String, iKey As Integer)

Dim iFake#
Dim x As String * 1

Dim lP As Long, z
Dim intNum#
intNum = FreeFile

iFake = Rnd(-1)
Randomize (iKey)


lP = 1
Open sFile For Binary As intNum

While lP <= LOF(intNum)

Get #intNum, lP, x

z = Asc(x) + Int(Rnd * 256)
If z > 255 Then z = z - 256

x = Chr(z)

Put #intNum, lP, x

lP = lP + 1


Wend

Close #intNum

MsgBox "Your file has been encrypted."

End Function


Private Function DecryptFile(sFile As String, iKey As Integer)

Dim iFake As Integer
Dim x As String * 1

Dim lP As Long, z
Dim intNum#

intNum = FreeFile

iFake = Rnd(-1)
Randomize (iKey)


lP = 1
Open sFile For Binary As #intNum

While lP <= LOF(intNum)

Get #intNum, lP, x

z = Asc(x) - Int(Rnd * 256)
If z < 0 Then z = z + 256

x = Chr(z)

Put #intNum, lP, x

lP = lP + 1

Wend

Close #intNum

MsgBox "Your file has been unencrypted."

End Function

' <<<< Form Event Code >>>>


Private Sub Command1_Click()

Call EncryptFile("a:\book1.xls", 44)

End Sub

Private Sub Command2_Click()

Call DecryptFile("a:\book1.xls", 44)

End Sub