
file encryption/decryption help

Started by ragdog, December 19, 2006, 06:11:42 PM


PBrennick

I am not going to dignify your flaming me for a program I did not write with a response. You should consider how you talk to people.

Paul
The GeneSys Project is available from:
The Repository or My crappy website

Ehtyar

Well if there was ever an easy way to settle this discussion, here it is. Here you have source for the Advanced Encryption Standard (AKA Rijndael) in MASM syntax. This algorithm is virtually the undisputed champion of encryption. Unfortunately it doesn't come with any documentation, but after looking at the source myself, it doesn't look too horrible. The credits to the author are inside the attachment (his handle is witeg), but if anyone creates a nice example using this source, I'm sure we would all appreciate a look-see.

Hope this helps, Ehtyar.

[attachment deleted by admin]

ecube

Well I read your PM PBrennick and I must say I don't appreciate it. I understand your status in the community, but I still think you were way out of line. I didn't "flame" you, the Rc4 implementation isn't broken in any way, it works very well, and if you can't get it to work I apologize, but I provided 3 examples. Ehtyar, Rijndael is indeed a nice encryption algorithm. Rc6 was a candidate for AES as well, but Rijndael had a few areas where it excelled over Rc6. Why I enjoy Rc4 so much though is for a couple of reasons:

1) Implementation is very small
2) It's very fast
3) Very flexible

Rc4 is a fantastic stream cipher. AES and others only read in specific sized data blocks, whether it be 16 bytes at a time or whatever the case. Also some require key lengths of specific sizes, which again I don't like. And some also require external buffers to put the encrypted/decrypted data in. Rc4 doesn't require any of that: key and data lengths can be any size and no external buffer is needed. I think that's why Rc4 is used in SSL, WEP and many other protocols.
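Added example, not part of the thread and not the code from the deleted attachments: a reference RC4 in Python that shows the properties described in the post above (arbitrary key and data lengths, in-place operation, the same routine for encryption and decryption), checked against the widely published RC4 test vectors. The names `rc4_crypt`, `VECTORS` and `check_vectors` are chosen for this example.

```python
def rc4_crypt(key: bytes, buf: bytearray) -> None:
    """Encrypt or decrypt buf in place with RC4 (one routine for both)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # Key scheduling: permute the 256-byte state under control of the key.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Keystream generation: one keystream byte per data byte, XORed in place,
    # so no block padding and no second output buffer are needed.
    i = j = 0
    for n in range(len(buf)):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        buf[n] ^= s[(s[i] + s[j]) & 0xFF]


# Published RC4 test vectors: (key, plaintext, expected ciphertext hex).
VECTORS = [
    (b"Key", b"Plaintext", "bbf316e8d940af0ad3"),
    (b"Wiki", b"pedia", "1021bf0420"),
    (b"Secret", b"Attack at dawn", "45a01f645fc35b383552544b9bf5"),
]


def check_vectors() -> bool:
    """True if every vector encrypts correctly and a second pass restores it."""
    for key, plain, expected in VECTORS:
        buf = bytearray(plain)
        rc4_crypt(key, buf)          # first pass: encrypt in place
        if buf.hex() != expected:
            return False
        rc4_crypt(key, buf)          # second pass with same key: decrypt
        if bytes(buf) != plain:
            return False
    return True


if __name__ == "__main__":
    print("all vectors ok:", check_vectors())
```

Running an assembly port against the same three vectors is a quick way to confirm it is a correct RC4 before trusting it with files.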

Ehtyar

E^cube, you yourself recommended Rijndael in your original post. I suppose the cipher of choice depends on the use. Since we are still in the dark about what ragdog wishes to use this cipher on, we can't make a sound suggestion. I posted the Rijndael source mostly to end the debate about rc4, as Rijndael is in fact THE most secure algorithm available in current times. Hopefully it will help someone.

Ehtyar.

[edit]
E^cube, you might also consider reading this article. Of particular note is this line:
Quote from: Wikipedia
RC4 falls short of the standards set by cryptographers for a secure cipher in several ways, and thus is not recommended for use in new applications.
[/edit]

ic2

You mean to tell me after all of these years I and many other followers of asm have been searching the world for those encryption algs in ASM posted here and now someone REMOVED them?

I get 404 - Attachment Not Found.  What is the problem?

It took me forever to find Tea in ASM digging through tons of leads and doc...

Where are these files...

PS: Pbrennick, E^cube didn't even crack on you, not even a little bit... How nice can this be. I would have been raving mad behind your comment and would not have been afraid to let you know it.

Not having time to go into details about a disagreement is respect. We all got a lot of respect for you, so don't go overboard like so many others have done and are still doing. We all got problems and you don't need any more either, so take it easy Pbrennick and slip E^cube an apology and be done with it.

btw: If these files were removed because you got pis-off ... then you really got a fight on your hands .. :)

hutch--

Guys,

Let's not turn this into an argument, there is too much useful stuff being mentioned for it to be wasted.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

Ehtyar

I can't seem to reattach AES. Seems to be a bug in the board... filesize() failed apparently, why it is being called before a file upload is anyone's guess. Anyway, in the meantime I have it on my shell here.

Hope it helps you guys, Ehtyar.

PBrennick

ic2,
Relax, no one is removing files. As for 'me' removing files because I might be pissed off (which I am not), I do not have the ability to do that as I am not a Global Moderator. I would never do that anyway.

Let's just continue the crypto discussions. Rijndael is in line to be the encryptor of the future, a change after 24 years was bound to happen, anyhow. WinZip now uses this algo in their software. I read that an encrypted file using AES was broken, but it took 22 hours using an unbelievable amount of computers making this an incredibly secure standard. IMO, of course. I respect the opinions of others.

Paul

Vortex

ic2,

Paul is right, only Global Moderators are allowed to remove files breaking the forum rules. Paul is trying to help you so there is no need for you to attack anyone.

hutch--

In case anyone missed it, I posted an explanation that I messed up a directory permission and set it too strict for read or write so file downloads were disabled.

ic2

Hello Vortex, I would never bite the hand that feeds my brain unless I was forced to. :(

If a Moderator uses the word flame, that means that someone broke the rules and could leave a mark on that member, including some hurt and angry feelings, all because of a misunderstanding. If you read my comment between the lines you see it's all about telling BOTH parties to take it easy and make up as soon as possible... Not to jump in to start another fight.


Quote: If these files were removed because you got pis-off ... then you really got a fight on your hands .. :)

THAT was A JOKE... did you notice the smile?

I know the rules. I actually thought the forum got hacked but did not want to mention it because I did not want to jinx it back up. I guess we all got to stop being so sensitive. Let's move on...

What do you guys think about Blowfish as a 2nd or 3rd encryption on top of the best encryption?

http://en.wikipedia.org/wiki/Blowfish_(cipher)

See Attachment:
Quote:
Best public cryptanalysis:
Four rounds of Blowfish are susceptible to a second-order differential attack (Rijmen, 1997); for a class of weak keys, 14 rounds of Blowfish can be distinguished from a pseudorandom permutation (Vaudenay, 1996).

Quote:
In cryptography, Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. While no effective cryptanalysis of Blowfish has been found to date, more attention is now given to block ciphers with a larger block size, such as AES or Twofish.....





[attachment deleted by admin]

PBrennick

ic2,
As far as Blowfish goes; it is my opinion that it does a nice and reliable job. The thing I like about Blowfish is that it is a Block Cypher. Block Cyphers, in my opinion, always lead the crowd.

Paul

Ehtyar

Hi all :)
In order to keep Paul happy (jokes) here are the only other stream ciphers I could find asm source for.
Here is some info for each:
WG - Presented as a 22-cycle stream cypher to ECRYPT (European Network of Excellence for Cryptology) but was found vulnerable at 22 cycles, and is now recommended to be used at 88 cycles. There appears to be no cryptanalysis whatsoever on an 88 cycle WG implementation as the prior weakness invalidates this entry from ECRYPT.
VMPC - Designed specifically as a replacement for RC4, this algorithm was first presented to FSE (Fast Software Encryption Conference) in 2004, and cryptanalysis of the algorithm determined it was vulnerable to the same distinguishing attacks as RC4, though this type of attack does not directly compromise the encrypted data. It is therefore considered secure, as this is the only known attack effective against this algorithm.
PC1 - A cipher that produces identical output to that of RC4, and employs the same encrypt-again-to-get-plaintext operation as RC4. It is therefore just as weak/secure as RC4 and is simply implemented slightly differently. I have not found any reasoning for the re-design of RC4 into this cipher.

NOTE: This information is based on about 30 minutes of research this morning, therefore I could conceivably be wrong about any of this.

Hope this helps, Ehtyar.

[attachment deleted by admin]

hutch--

It's not that I need it much these days but I have a formula if you really and truly MUST pass encrypted data that is highly secure to someone else. The couple of algos in the masm32 library are designed to be run with unique large keys and they produce what is usually called a one pass or one shot pad. The action is not in the algos, which are trivial, but in the quality of the random pad that is used in conjunction with the data.

Historically these have been the most secure but least easy to use, but there is a simple enough trick to solve its one known problem of the occasional bit of plain text showing through: pass the data through another encryption algorithm that seriously messes up the byte order so there is no chance of any plain text showing through, then run the data through a high quality random pad and you will produce encrypted data that will break a supercomputer.

I am in debt to JIBZ for some useful analysis on pad reuse: the more times a pad is used, the weaker it gets, and someone with enough knowhow and computer grunt can break a repeatedly used pad. There is a solution to the need for very good quality unique pads: create a massive random pad triggered from external real world and write it to a CD. Send it to the data recipient by a physically secured method and for each message sent between the two parties, use a different offset in the massive pad to ensure that each pad is unique and you should be able to keep them guessing until the year 3000.  :bg

I have this bias against conventional encryption methods that use variable length keys in that they are all vulnerable to massive computer grunt testing randomly generated input keys. This week it's a 128 bit key, next week it will be a 192 bit key, next year it will be a 1024 bit key etc .... but any encryption method that depends on key complexity is a target for dedicated computer cracking when enough computer grunt is put in place.

Unique pad technology does not suffer this problem.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php
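Added example, not part of the thread and not the masm32 library's code: a Python sketch of the scheme in the post above, where each message consumes a fresh slice of one large shared pad, together with a demonstration of why reusing the same pad bytes is weak. `PadBook`, `xor` and `reuse_leak` are names chosen for this example, and `secrets.token_bytes` stands in for the physically generated pad.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


class PadBook:
    """One large shared pad; every message gets bytes that are never reused."""

    def __init__(self, pad: bytes):
        self.pad = pad
        self.next_offset = 0          # first pad byte not yet consumed

    def encrypt(self, msg: bytes) -> tuple[int, bytes]:
        start, end = self.next_offset, self.next_offset + len(msg)
        if end > len(self.pad):
            raise ValueError("pad exhausted: refuse rather than wrap around")
        self.next_offset = end        # consume the slice so it cannot recur
        return start, xor(msg, self.pad[start:end])

    def decrypt(self, offset: int, ct: bytes) -> bytes:
        end = offset + len(ct)
        if offset < 0 or end > len(self.pad):
            raise ValueError("offset outside the pad")
        return xor(ct, self.pad[offset:end])


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made with the SAME pad bytes.

    The pad cancels out: (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2, so anyone holding
    both ciphertexts learns the XOR of the plaintexts without the pad.
    """
    return xor(c1, c2)


if __name__ == "__main__":
    pad = secrets.token_bytes(1 << 16)      # stand-in for the pad on the CD
    book = PadBook(pad)
    m1, m2 = b"transfer 100 to alice", b"meeting moved to 9 am"  # constructed
    o1, c1 = book.encrypt(m1)
    o2, c2 = book.encrypt(m2)
    print("offsets:", o1, o2, "roundtrip ok:", book.decrypt(o2, c2) == m2)
    # Same pad slice used twice: knowing m1 reveals m2 from the ciphertexts.
    bad1, bad2 = xor(m1, pad[:len(m1)]), xor(m2, pad[:len(m2)])
    print("recovered:", xor(reuse_leak(bad1, bad2), m1))
```

The offset has to be tracked on the sending side and never rewound, since the scheme depends on no pad byte being used for two messages.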

Mark_Larson


I've done the huge dataset of random data before, but you can also download several books instead of using random data. There is a book project to scan in books. I don't have the link in front of me. But there is a website with a large number of scanned in books you can download. Does anyone know what I am referring to and have a link available? I'll have to re-dig it up.

BIOS programmers do it fastest, hehe.  ;)

My Optimization webpage
http://www.website.masmforum.com/mark/index.htm