News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

file encyrption/decryption help

Started by ragdog, December 19, 2006, 06:11:42 PM

Previous topic - Next topic

Ehtyar

Mark, i believe you are referring to The Gutenberg Project, though last i checked they have a very limited variety of technical books.
Also, you can check out Agner Fog's page on pseudo-random number generation here.

Hope this helps, Ehtyar.

Mark_Larson

Quote from: Ehtyar on December 26, 2006, 04:31:01 AM
Mark, i believe you are referring to The Gutenberg Project, though last i checked they have a very limited variety of technical books.

Ehtyar.

  Thanks Ehtyar! :)  I was having a brain fart last night when I was trying to remember the name.  It doesn't matter if the books are technical.  I downloaded a large number of books at random, and removed all the spaces to make it better as a key. 

BIOS programmers do it fastest, hehe.  ;)

My Optimization webpage
htttp://www.website.masmforum.com/mark/index.htm

Ehtyar

Oooooooooooooh, i see what you mean :) Very clever :U

Ehtyar.

PBrennick

The thing to remember here is that a pad IS a key, albeit a very large one.

Lotus Notes has made good use of this method of sending keys (pads) for years.

Paul
The GeneSys Project is available from:
The Repository or My crappy website

ic2

What would be the recommended minimum and maximum key size for a 500k file to reach the security level that hutch is speaking of?

And which algos in the m32Lib should I use.  I think these are the three:  roldata.asm, rordata.asm and xordata.asm.  Are there more?

hutch--

ic2,

The source length or longer with the pad being encryption standard random data.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

ic2

standard random data meaning any kind of plain text with no spaces as Mark_Larson indicated and  at any size as long as it the size of the source or larger.  I think I get it now.

Thanks hutch

hutch--

I don't thoink you got the idea exactly. Encryption standard random data is somewhat more complex than pseudo random data from random generators. It almost exclusively has an external real world source, radioactive decay, sub-sonic radio noise from the universe etc ..... You can write software where you create the seed random pad with a mouse where you drag it around a pad in an uneven manner but the random data must be truly unpredictable in its source otherwise it is trivial to duplicate it.

The idea that Mark has is OK but its short of being powerful enough for serious encryption of data that must be secured. By using plain text, the vast majority of it is lower case so you reduce the deviation range from 256 to 26 which drastically reduces the complexity of the pad.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

PBrennick

I have heard of people using TIF files to do this. Scan your favorite picture and you have a block of data!

Paul
The GeneSys Project is available from:
The Repository or My crappy website

MichaelW

eschew obfuscation

Ian_B

Quote from: PBrennick on December 27, 2006, 02:57:58 PM
I have heard of people using TIF files to do this. Scan your favorite picture and you have a block of data!

Paul

It sounds like it should be a neat idea, but most pictures may have large uniform areas of flattish background colour where the repeating colour data will be very regular indeed, certainly worse than Mark's text method. I just opened one of my own TIF image files and there are many areas that don't look at all random to me and a large repeating section of mostly zeroes close to the end that I presume is some sort of padding.

I think for a TIF to be seriously usable in this way it would have to be of a very complex subject with much high-contrast (both colour and shade) fine detail all over, close to the pixel level. This doesn't sound like most "favourite" photos, sadly.

IanB


PBrennick

Ian,
Yes, that is correct, but remember that the algorythm will not return a string of constant values in the same manner. For example, I created a file with 256 zeroes in it and encrypted it using my program with my private key and this is what I get...


æqS!ÖœÍ%JJ"‡åŸ?ªÎnèJTÚKÚ`×+ÑÁ«öPñ£Ä¸2@ç?§=L¬ .?¼åÝ»ºLƒ•:™Ý^³gx"0à¥^tÌ‡Ò 0_ÄUî–Ê çžl˲G?_ÌEX°XÒ¾&AŒN\±5¯¤IdDÙVôaý»êGÞ¸PA
ĪV ü Í™¬ijp'?VŒESÖet2&9úcê¦i£¸...koëM T®F†s{:Œsæ}Mvwvt¦"ˆl´7Þ+(‰€·ôxÁÇv1
%8>] s@–2:É$aH?Cy"šö¤è±/9? g¸^çÄ<GDyÙè


So appearances can be deceiving.

Michael,
That is a GREAT link. I did not know that advapi.lib contained that stuff and it is even in the windows API help file. I searched, and found, CryptEncrypt and CryptDecrypt. I need to play in this area some more!

Thanx,
Paul
The GeneSys Project is available from:
The Repository or My crappy website

Ian_B

#42
Just a small thought... The objection to Mark's massive text pad was the limited range of the data, therefore the easy way to remedy this is to "spread" the range to cover a whole set of byte values. Since the most common range of text characters in books will be the lower-case ASCII chars, which occupy 1/8 of the ASCII range, and as noted there will be ranges simply not covered at all, such as 0-33 and 127-255, just multiply the pad value by 8 to fit to the full byte range (ADD/ADD/ADD ignoring overflows), then add a variable offset to fill in the seven char gaps between the new values, say the number of pad characters since the last "e". That should give a fairly full coverage of byte values. I leave it to others to decide whether that is sufficiently random for the purpose.

IanB

WiteG

Before you will use any block cipher for file encryption i would suggest you reading this wiki article.
If you will choose RC4 follow this link.. just to be warned  :wink
-
According to the first question : SHA256 is much better choise than MD5.

PS.
QuoteHeres a rc4 implementation written by "iCeBurg"
This RC4/aRC4 implementation was written by me, not iCeBurg. You can find it on my site.

NervGaz

Just to add to the rather interesting discussion on random number hee 's a little something i found ages ago in phrack...
http://phrack.org/archives/59/p59-0x18 thought it might be of interest depending on how involved you wanna get