News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

file encyrption/decryption help

Started by ragdog, December 19, 2006, 06:11:42 PM

Previous topic - Next topic

ragdog

hi @all :bg

I have ask to file encryption/decryption.
I would like bind into my program a file encryption/decryption
which am there better sha-256 or md5?

or is there which better?

greets

ragdog

ecube

Those are hash algorithms actually, used for integrity checks, and others things, and you shouldn't be able to decrypt them :) As far as security goes sha256 is a powerhouse, I actually do have it implemented in MASM, have to ask the author permission to upload it. Also Md5 isn't thought to be as secure as it use to be http://slashdot.org/articles/04/08/17/0030243.shtml. For encryption though I recommend Rc4 or AES. Both are blazing fast, and highly secure. I've used Rc4 a lot for per byte encryption, rc6 is out aswell which was the AES canidate, but it uses 16 byte blocks which kind of annoys me. Heres a rc4 implementation written by "iCeBurg". I did get his permission to post it.


.data?
rc4keytable db 256 dup (?)

.code
Rc4_setkey proc Pass:DWORD, LenPass:DWORD
pushad

mov eax, 0FFFEFDFCh
mov ecx, 256/4
Init_rc4keytable:
mov dword ptr [rc4keytable+4*ecx-4], eax
sub eax, 04040404h
dec ecx
jnz Init_rc4keytable

xor eax, eax
mov edi, Pass

Key_return:
xor ebx, ebx
mov esi ,LenPass
jmp New_key

Key_loop:
inc bl
dec esi
jz Key_return

New_key:
mov dl, byte ptr [rc4keytable+ecx]
add al, byte ptr [edi+ebx]
add al, dl
mov dh, byte ptr [rc4keytable+eax]
mov byte ptr [rc4keytable+ecx], dh
mov byte ptr [rc4keytable+eax], dl
inc cl
jnz Key_loop

popad
ret
Rc4_setkey endp

Rc4_crypt proc iData:DWORD, LenData:DWORD
pushad
mov edi, LenData
mov esi, iData
test edi, edi
jz Rc4_enc_exit

xor eax, eax
xor edx, edx
xor ecx, ecx
        xor ebx, ebx

Rc4_enc_loop:
inc bl
mov dl, byte ptr [rc4keytable+ebx]
add al, dl
mov cl, byte ptr [rc4keytable+eax]
mov byte ptr [rc4keytable+ebx], cl
mov byte ptr [rc4keytable+eax], dl
add cl, dl
mov cl, byte ptr [rc4keytable+ecx]
xor byte ptr [esi], cl
inc esi
dec edi
jnz Rc4_enc_loop

xor eax, eax
mov edi, offset rc4keytable
mov ecx, 256/4
cld
rep stosd

Rc4_enc_exit:
popad
ret
Rc4_crypt endp

;example
comment !
       invoke lstrlen,addr password
       invoke Rc4_setkey,addr password,eax

        invoke lstrlen,addr data
invoke Rc4_crypt,Addr data,eax
!



Great thing about this is like I said its per byte encryption, and writes the encrypted data back into its source instead of an external buffer. So for text strings be sure to add /SECTION:.text,RWX to your linker section.

ragdog

thanks for the information :U

do I know also my file again decypt with this rc4 algo?

have you a aes-256 algo

ecube

Yes to decrypt run through again just like you encrypted with same key, I do have aes aswell but I have to get permission from the author.

ragdog

ok i make a test thanks :U

have you more crypto algos or can me send links

ragdog

to E^cube

help with this algo i can not decrypt my text with same password

:'(

ragdog

my source is posted

[attachment deleted by admin]

ic2

I found xTea in asm last night.  Have not have time yet to add code to it to see it run.  Should be easy to do so.  Hope it help.

Btw: what do you guys think about xTea.  I got an understanding that Tea is weak but xTea is very strong.  Is this a fact?  What do it take to crack it and how many days or years would it take?  What is the recommended key size to make it IMPOSSIBLE to crack?


[attachment deleted by admin]

evlncrn8

tea was / is? brutable, i remember safedisc used it on their protection (still do actually)
bruteforcing it can take a while but 128 bit key took at worst a few hours to break...
so xtea might suffer from the same weakness....

ragdog

thanks all :U

well someone can help me with a good encrypt and decrypt algo?

or can me post examples

greets in forward
ragdog

PBrennick

ragdog,
The attached project is a reasonably secure method using a progressive encryptor that employs a key that can be up to 256 bytes (2048 bits) wide. I use it whenever I need to transfer sensitive data over the Internet. Nothing is uncrackable, but this will keep most people out.

Paul


[attachment deleted by admin]
The GeneSys Project is available from:
The Repository or My crappy website

hutch--

Paul,

Nice demo and works well. I could be tempted to "borrow" this one if its OK with you. I need a pair of algos that will seriously mess up a body of text so nothing can be recognised with it to then pass it through a one pass pad and this looks fast, lean and powerful enough.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

PBrennick

Hutch,
As always, you are welcome to anything I own. Enjoy.

Paul
The GeneSys Project is available from:
The Repository or My crappy website

ecube

ragdog put a

invoke lstrlen,addr pass
invoke Rc4_setkey ,addr pass, eax

before every Rc4_crypt call

PBrennick

Cube,
I have tested RC4 after making the change you recommended. It is not a very good encryptor and I would not recommend that anyone use it. I used 'This is a test' as input and only the first half was encrypted. 'a test' remains unencrypted. I am attaching the project I used for testing.

Paul


[attachment deleted by admin]
The GeneSys Project is available from:
The Repository or My crappy website

ecube

PBrennick i'm going to have to disagree, Rc4 is actually one of the most secure algs in the world, and it's extremely fast


invoke lstrlen,hInput
invoke lstrlen, addr szPassWord
invoke Rc4_setkey, addr szPassWord, eax
invoke Rc4_crypt,hInput,eax


do you see how you messed up here? Simple mistake but you're providing an improper data length for Rc4_crypt



invoke lstrlen, addr szPassWord
invoke Rc4_setkey, addr szPassWord, eax
invoke lstrlen,hInput
invoke Rc4_crypt,hInput,eax


Yeah that didn't fix it, well I don't have time to debug his code but heres 3 examples showing rc4 is a very good encryptor, I show 2 file en/decryption examples and a string example.

[attachment deleted by admin]