Encryption for file

[ahmad]

Hi Guys,
I have another challenge problem if any body could help me in it.
Encryption/Decryption:
An encryption/decryption system. Write a program that reads a text file, uses the random number generator designed below, then performs a XOR operation between the randomly generated value and two consecutive characters of the file.
Each character is encrypted by XORing the two 8-bit ASCII codes of the characters from the
file with the 16-bit generated random number.
Example: assume the characters to be encrypted are 'AB' = 41H 42H and the random
number is X = 12AAH. Then, the encrypted character will have the ASCII code XC =
53E8H. If the following operation is performed: XC XOR X = 4142H = 'AB'.

The Random Generator
.DATA
                SEED  DW 1000000000010110B ; Intialazation of the REG.
   MASK DW 10001101B

.CODE
;*********************(Random Number Generator)*************
RANDOM PROC NEAR
   PUSHA
   MOV CX,65535 ; To do the operation
   L1:
   MOV AX,SEED
   SHR SEED,1
   AND AX,MASK
   MOV BX,AX
   MOV AL,0
   MOV CX,16
   L2:RCL BX,1
   ADC AL,0 ; Check what it is
   LOOP L2
   MOV NUMBEROFONES,AL
   AND NUMBEROFONES,1
   JZ DONE ;If it is ZERO then go to DONE to Display 
   OR SEED,8000H
DONE:   MOVZX EAX,SEED
   CALL DISPGEN
   CALL NEWLINE
   LOOP L1
   POPA
   RET
RANDOM  ENDP

NOTE that I'm using Pentiuim-4 Processor.
Thanks

[Mincho Georgiev]

Well, if it's "random" ,what about decryption then, you have to store the generated rnd number so the bytes can be xor-ing back again.
And 2nd , when you make encryption ,you always MUST be sure that the result of xor-ing WON'T be ZERO! (in that case you have NULL terminated string)
Think about those two and regards!

[ahmad]

What If I call the Encrypt procedure twice, I think first time it will Encrypt and second time it will Decrypt.Because the Encryption and Decryption will be inside same file.
Thanks

[MichaelW]

ahmad,

Are you aware that your code is using the MASM reserved word MASK for a data label? And that the L1 loop will not terminate because CX is being set to zero by the L2 loop?

[gabor]

Hi!


The XOR has that comfortable feature that doing it twice will restore the original value. XOR (XOR data,rnd),rnd=data.
But, you have to ensure that the 2nd operand, tha rnd value is the same as the one at the encoding.
With a rand generator that uses a seed only (no actual second of time, or other running enviroment dependent parameters are involved) it is possible to satisfy that condtion. The output random number is affected and only affected by the seed.
So, yes you can use the same function for encyption/decryption IF the rand generator works as I suggested.
It would be a good thing to use different rand seeds for every character (or group of characters). In this case the seed too must be stored in the encrypted file.
The decryption reads the seed, applies it to the rand generator and decrypts the followin character(s).

To make your encrypted data more difficult to decypher you could use some correlation (say bit scrample) between the characters or character groups. Look for DES-Data Encryption Standard in the Internet for more infos!


Greets, Gábor

[ahmad]

MichaelW,
So how can I terminate the loop L1, while I  need to inttilaize CX twice first for L1 and second for L2?
Thanks for All

[MichaelW]

One easy method would be to preserve CX around loop L2, like so:

Code Select Expand


PUSH CX
MOV CX,16
L2:RCL BX,1
ADC AL,0 ; Check what it is
LOOP L2
POP CX


[ahmad]

Hi Everybody,
Thanks for MichaelW, gabor, shaka_zulu and every one.

[aaustin]

Hey Ahmad,

Your best bet is to use an input value for decoding. For instance, if rather than using a random number generator, you use a normal number calculation algorithm, (normal numbers are those which sequence through most combinations of values, giving a hacker no real clue as to a possible decode sequence) then you don't need to rely on "random" numbers or storing a really long bitstream for decoding. Rather than remembering a really long number, you simply have, say, a 64-bit offset to a relatively random sequence of bits to decode the message (you don't store this number but simply write code to calculate the value of the normal number at a certain offset). This is easier than remembering the really long random number, but requires some more programming time. Pi is one such number up to a certain digit length, and there is a digit extraction algorithm to calculate digits of Pi without finding the ones before them. If you don't make the random string long enough, there are good ways for a computer to analyze the message and find a short repetative cipher to decrypt the message so that it makes sense.

[hutch--]

If you are going to use XOR encryption, produce a technique to create high quality random byte sequences which you then XOR with your data 1 byte at a time. There are a couple of algos in the masm32 library that are fast enough to do the XOR or SHIFT style encryption but the real action is in highly random "pads" which need to be unique for each piece of data you wish to encrypt.

These one "pass" or one "shot" pads are effectively impossible to break if they are unique to each piece of data but if your opponent is a national security agency with a gang of super computers, each reuse of the same pad degrades the encryption.

A trick is to have a very large random pad available and my suggestion here is a Kylie CD converted to WAV format and each message encrypted has a different starting offset.

The pad must be kept secret or it can be routinely broken by computer once it is known.

If you are really serious about no-one breaking it under any condition, try cross seeding at least two different random number generators from an original user defined input and have the identical pad at each end of the encryption between sender and receiver.

If you are writing software for the FBI or the KGB or the MOSSAD or similar, you probably need this scale of encryption.

[Tedd]

I don't think it's so much for security as homework :bdg

Crossing multiple random generators, using multiple keys, etc, is no more secure than using one - since it is effectively the same as using a random generator having the combined equation, or the xor result of the keys, etc..
XOR encryption (in any form) is weak, unless the key is as long as the message; and not repeated for other messages -- hence the one-time pad, which is theoretically unbreakable since the encrypted message is as random as the pad used to create it. (Of course finding a suitable random source is generally a problem.)

[hutch--]

I probably should have clarified the idea of multiple random algotithms reseeding each other. What you must have to start with is a real world source of random data as a seed for the two random algos. The reseeded algos are useful in expanding the original real worls source into a much larger pad.

I have played with a few different real world sources including random data collected from radioactive decay noise and similar but I find that a 256 square mouse pad delivers much the same randomness without the need for a nuclear reactor. Just stick a Windows icon mouse pointer in front of it and ask them to be pefectly uniform with their mouse movements and you are just about garranteed to get highly random number sequences from it.  :bg