file encyrption/decryption help

[Ehtyar]

Mark, i believe you are referring to The Gutenberg Project, though last i checked they have a very limited variety of technical books.
Also, you can check out Agner Fog's page on pseudo-random number generation here.

Hope this helps, Ehtyar.

[Mark_Larson]

Mark, i believe you are referring to The Gutenberg Project, though last i checked they have a very limited variety of technical books.

Ehtyar.

  Thanks Ehtyar! :)  I was having a brain fart last night when I was trying to remember the name.  It doesn't matter if the books are technical.  I downloaded a large number of books at random, and removed all the spaces to make it better as a key. 

[Ehtyar]

Oooooooooooooh, i see what you mean :) Very clever :U

Ehtyar.

[PBrennick]

The thing to remember here is that a pad IS a key, albeit a very large one.

Lotus Notes has made good use of this method of sending keys (pads) for years.

Paul

[ic2]

What would be the recommended minimum and maximum key size for a 500k file to reach the security level that hutch is speaking of?

And which algos in the m32Lib should I use.  I think these are the three:  roldata.asm, rordata.asm and xordata.asm.  Are there more?

[hutch--]

ic2,

The source length or longer with the pad being encryption standard random data.

[ic2]

standard random data meaning any kind of plain text with no spaces as Mark_Larson indicated and  at any size as long as it the size of the source or larger.  I think I get it now.

Thanks hutch

[hutch--]

I don't thoink you got the idea exactly. Encryption standard random data is somewhat more complex than pseudo random data from random generators. It almost exclusively has an external real world source, radioactive decay, sub-sonic radio noise from the universe etc ..... You can write software where you create the seed random pad with a mouse where you drag it around a pad in an uneven manner but the random data must be truly unpredictable in its source otherwise it is trivial to duplicate it.

The idea that Mark has is OK but its short of being powerful enough for serious encryption of data that must be secured. By using plain text, the vast majority of it is lower case so you reduce the deviation range from 256 to 26 which drastically reduces the complexity of the pad.

[PBrennick]

I have heard of people using TIF files to do this. Scan your favorite picture and you have a block of data!

Paul

[MichaelW]

Why not use the Microsoft Cryptography functions?

http://msdn2.microsoft.com/en-us/library/aa380252.aspx

http://msdn2.microsoft.com/en-us/library/aa379942.aspx

[Ian_B]

I have heard of people using TIF files to do this. Scan your favorite picture and you have a block of data!

Paul

It sounds like it should be a neat idea, but most pictures may have large uniform areas of flattish background colour where the repeating colour data will be very regular indeed, certainly worse than Mark's text method. I just opened one of my own TIF image files and there are many areas that don't look at all random to me and a large repeating section of mostly zeroes close to the end that I presume is some sort of padding.

I think for a TIF to be seriously usable in this way it would have to be of a very complex subject with much high-contrast (both colour and shade) fine detail all over, close to the pixel level. This doesn't sound like most "favourite" photos, sadly.

IanB

[PBrennick]

Ian,
Yes, that is correct, but remember that the algorythm will not return a string of constant values in the same manner. For example, I created a file with 256 zeroes in it and encrypted it using my program with my private key and this is what I get...

Code Select Expand


æqS!ÖœÍ%JJ"‡åŸ?ªÎnèJTÚKÚ`×+ÑÁ«öPñ£Ä¸2@ç?§=L¬.?¼åÝ»ºLƒ•:™Ý^³gx"0à¥^tÌ‡Ò 0_ÄUî–Ê çžl˲G?_ÌEX°XÒ¾&AŒN\±5¯¤IdDÙVôaý»êGÞ¸PA
ĪVü Í™¬ijp'?VŒESÖet2&9úcê¦i£¸...koëM T®F†s{:Œsæ}Mvwvt¦"ˆl´7Þ+(‰€·ôxÁÇv1
%8>]s@–2:É$aH?Cy"šö¤è±/9?g¸^çÄ<GDyÙè


So appearances can be deceiving.

Michael,
That is a GREAT link. I did not know that advapi.lib contained that stuff and it is even in the windows API help file. I searched, and found, CryptEncrypt and CryptDecrypt. I need to play in this area some more!

Thanx,
Paul

[Ian_B]

Just a small thought... The objection to Mark's massive text pad was the limited range of the data, therefore the easy way to remedy this is to "spread" the range to cover a whole set of byte values. Since the most common range of text characters in books will be the lower-case ASCII chars, which occupy 1/8 of the ASCII range, and as noted there will be ranges simply not covered at all, such as 0-33 and 127-255, just multiply the pad value by 8 to fit to the full byte range (ADD/ADD/ADD ignoring overflows), then add a variable offset to fill in the seven char gaps between the new values, say the number of pad characters since the last "e". That should give a fairly full coverage of byte values. I leave it to others to decide whether that is sufficiently random for the purpose.

IanB

[WiteG]

Before you will use any block cipher for file encryption i would suggest you reading this wiki article.
If you will choose RC4 follow this link.. just to be warned  :wink
-
According to the first question : SHA256 is much better choise than MD5.

PS.

Heres a rc4 implementation written by "iCeBurg"

This RC4/aRC4 implementation was written by me, not iCeBurg. You can find it on my site.

[NervGaz]

Just to add to the rather interesting discussion on random number hee 's a little something i found ages ago in phrack...
http://phrack.org/archives/59/p59-0x18 thought it might be of interest depending on how involved you wanna get