|
Introduction
This Crypt routine uses an algorithm created by Rodney Thayer.
This algorithm can use keys of various sizes. With a 40-bit key (5 characters)
it can be freely exported from the U.S. The cipher is considered robust with 128
bits of key material but can use up to 2048 bits. It is compatible with RSA’s
RC4 algorithm.
void Crypt(TCHAR *inp, DWORD inplen, TCHAR* key = "", DWORD keylen = 0)
{
TCHAR Sbox[257], Sbox2[257];
unsigned long i, j, t, x;
static const TCHAR OurUnSecuredKey[] = "www.systweak.com" ;
static const int OurKeyLen = _tcslen(OurUnSecuredKey);
TCHAR temp , k;
i = j = k = t = x = 0;
temp = 0;
ZeroMemory(Sbox, sizeof(Sbox));
ZeroMemory(Sbox2, sizeof(Sbox2));
for(i = 0; i < 256U; i++)
{
Sbox[i] = (TCHAR)i;
}
j = 0;
if(keylen)
{
for(i = 0; i < 256U ; i++)
{
if(j == keylen)
{
j = 0;
}
Sbox2[i] = key[j++];
}
}
else
{
for(i = 0; i < 256U ; i++)
{
if(j == OurKeyLen)
{
j = 0;
}
Sbox2[i] = OurUnSecuredKey[j++];
}
}
j = 0 ;
for(i = 0; i < 256; i++)
{
j = (j + (unsigned long) Sbox[i] + (unsigned long) Sbox2[i]) % 256U ;
temp = Sbox[i];
Sbox[i] = Sbox[j];
Sbox[j] = temp;
}
i = j = 0;
for(x = 0; x < inplen; x++)
{
i = (i + 1U) % 256U;
j = (j + (unsigned long) Sbox[i]) % 256U;
temp = Sbox[i];
Sbox[i] = Sbox[j] ;
Sbox[j] = temp;
t = ((unsigned long) Sbox[i] + (unsigned long) Sbox[j]) % 256U ;
k = Sbox[t];
inp[x] = (inp[x] ^ k);
}
}
The only moral here is that we are generating a 256 bit key given from the
user. To encrypt we always pick a random byte from the key and encrypt the text
with that key. If we have a large pattern of repeating text with this algorithm
the key repeat interval (distance between n repetitions) will be approximately
of 21700 (2 to the 1700th power).
For very good security I recommend using 128 bits (16
characters) of key material. If you want optimal security you could use 2048
bits (256 characters) of key material (but this is usually considered an
overkill).
This routine is constructed from a draft taken from Internet
Engineering Task Force (IETF) at http://www.ietf.cnri.reston.va.us/home.htm
I have tested the routine on a 27 MB file to test that it
produce valid decrypted output from input and get the valid results.
Using this routine it is fairly simple.
TCHAR HelloCrypt[] = "Hello Crypt";
Crypt(HelloCrypt, _tcslen(HelloCrypt));
Crypt(HelloCrypt, _tcslen(HelloCrypt));
TCHAR Data[] = "abcdefghijklmnopqrstuvwxyz"
TCHAR Key[] = "Strong key";
Crypt(Data, _tcslen(Data), Key, _tcslen(Data));
Crypt(Data, _tcslen(Data), Key, _tcslen(Data));
Please visit My Web Site for more
tutorials, tweaks, reference.
| You must Sign In to use this message board. |
|
| | Msgs 1 to 22 of 22 (Total in Forum: 22) (Refresh) | FirstPrevNext |
|
|
 |
|
|
hi
i need an implementation of RSA algorithm performing encryption/decryption in C/C++. Please send it to my email :anuradha13@gmail.com if anybody can.
thanks a lot
Anuradha
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
|
|
|
HI all........
Anybody is having the source code for Elliptical curve cryptography program in vc++?
|
| Sign In·View Thread·PermaLink | 5.00/5 (1 vote) |
|
|
|
|
|
|
Hi!
Im looking for implementation of DSS digital signature algorithm in c/c++ without using any gnu or math library.I'll appreciate if anyone can help me with that.Thanx.
|
| Sign In·View Thread·PermaLink | 2.00/5 (1 vote) |
|
|
|
|
|
|
Dear All!
i need an implementation of RSA algorithm performing encryption/decryption in C/C++(without using any gnu math precision library).i would be your all time friend.!Take care.Please send it to my email :syedmfaisal@hotmail.com
~Faisal
|
| Sign In·View Thread·PermaLink | 1.50/5 (2 votes) |
|
|
|
|
|
|
This code is crippled with a serious flaw. XORing is a nilpotent operation, which means anything XORed with itself is 0. Unfortunately, nulls terminate strings in C, and can thus truncate anything encrypted with this algorithm.
To prove this to yourself, try encrypting "George Bush is a Texan" and you will get "George" on both input and output -- everything else is lost after the null in position 6.
The fix is simple. Just don't use strings for encryption or decryption. Confine yourself to buffers and buffer-related functions (memcpy, etc) and everything will be fine. Nasty problems like this are exactly why cryptographic code needs to be peer-reviewed.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
It seems that the code sometimes will encrypt/decrypt correctly, and sometimes not. I've been fiddeling around with this example a lot, but can still not make it consequent in it's behavior.
This can sure be related to the usage of strings.
Here below is my testing sample. It will encrypt the string "ABCDEFG..." below and the write it to a binary file. Then it reads the file back and decrypts it and displays the the decrypted string in the console window.
Problem: If you just delete the character "A" in the string(and recompile), the string will get corrupted somehow and not displayed in its fully length.
I'm a newbie so I would apriciate all help there is, to make this code to work properly. Any clue on a workaround/inprovement?
-----------------------------------------------------------
#include <iostream.h>
#include <tchar.h>
#include <windows.h>
#include <stdio.h>
#include <fstream.h>
void Crypt(TCHAR *inp, DWORD inplen, TCHAR* key = "", DWORD keylen = 0)
{
//we will consider size of sbox 256 bytes
//(extra byte are only to prevent any mishep just in case)
TCHAR Sbox[257], Sbox2[257];
unsigned long i, j, t, x;
//this unsecured key is to be used only when there is no input key from user
static const TCHAR OurUnSecuredKey[] = "www.systweak.com" ;
unsigned static const int OurKeyLen = _tcslen( OurUnSecuredKey );
TCHAR temp , k = 0;
i = j = t = x = 0;
temp = 0;
//always initialize the arrays with zero
ZeroMemory(Sbox, sizeof(Sbox));
ZeroMemory(Sbox2, sizeof(Sbox2));
//initialize sbox i
for(i = 0; i < 256U; i++)
{
Sbox[i] = (TCHAR)i;
}
j = 0;
//whether user has sent any inpur key
if(keylen)
{
//initialize the sbox2 with user key
for(i = 0; i < 256U ; i++)
{
if(j == keylen)
{
j = 0;
}
Sbox2[i] = key[j++];
}
}
else
{
//initialize the sbox2 with our key
for(i = 0; i < 256U ; i++)
{
if(j == OurKeyLen)
{
j = 0;
}
Sbox2[i] = OurUnSecuredKey[j++];
}
}
j = 0 ; //Initialize j
//scramble sbox1 with sbox2
for(i = 0; i < 256; i++)
{
j = (j + (unsigned long) Sbox[i] + (unsigned long) Sbox2[i]) % 256U ;
temp = Sbox[i];
Sbox[i] = Sbox[j];
Sbox[j] = temp;
}
i = j = 0;
for(x = 0; x < inplen; x++)
{
//increment i
i = (i + 1U) % 256U;
//increment j
j = (j + (unsigned long) Sbox[i]) % 256U;
//Scramble SBox #1 further so encryption routine will
//will repeat itself at great interval
temp = Sbox[i];
Sbox[i] = Sbox[j] ;
Sbox[j] = temp;
//Get ready to create pseudo random byte for encryption key
t = ((unsigned long) Sbox[i] + (unsigned long) Sbox[j]) % 256U ;
//get the random byte
k = Sbox[t];
//xor with the data and done
inp[x] = (inp[x] ^ k);
}
// return 0;
}
int main()
{
TCHAR text[500];
// To encrypt a text
TCHAR HelloCrypt[] = "ABCDEFGHIJKLMNOPQRSTUVWXY123456789016063c01f1c77d601cec1ee16";
// We do not enter the key so we will be using default key provide by the crypt routine
Crypt(HelloCrypt, _tcslen(HelloCrypt));
remove( "example.bin" ); // If file already exists, delete it
ofstream a_file( "example.bin" ); // Open/Create file for writing
int setmode( int nMode = filebuf::binary ); // Set filemode to binary
a_file<< HelloCrypt;
a_file.close(); // Close file
ifstream b_file( "example.bin" ); // Open file for reading
// int setmode( int nMode = filebuf::binary );
b_file>> text; // Store filecontents in string "text"
// cout<< HelloCrypt<< "\n";
// Now to decrypt
Crypt(text, _tcslen(text)); // Decrypt the contents
cout<< text<< "\n"; // Print contents on screen
////////////////////////////////////////////////////////////////////////////////
// If we have to supply a key we have to use crypt as follows:
// TCHAR Data[] = "abcdefghijklmnopqrstuvwxyz"
// TCHAR Key[] = "Strong key";
// Encrypt:
// Crypt(Data, _tcslen(Data), Key, _tcslen(Key));
// Decrypt
// Crypt(Data, _tcslen(Data), Key, _tcslen(Key));
/////////////////////////////////////////////////////////////////////////////
return 0;
}
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
The problem is when loading and saving.
Here is a perfect(!) working version:
#include <iostream.h>
#include <tchar.h>
#include <windows.h>
#include <stdio.h>
#include <fstream.h>
static FILE *File;
unsigned static int A;
// Crypt Function /////////////////////////////////////////////////////////////////////////////////////////////////
void Crypt( TCHAR *inp, DWORD inplen, TCHAR* key = "", DWORD keylen = 0 )
{
//we will consider size of sbox 256 bytes
//(extra byte are only to prevent any mishep just in case)
TCHAR Sbox[257], Sbox2[257];
unsigned long i, j, t, x;
//this unsecured key is to be used only when there is no input key from user
static const TCHAR OurUnSecuredKey[] = "www.systweak.com" ;
unsigned static const int OurKeyLen = _tcslen( OurUnSecuredKey );
TCHAR temp , k = 0;
i = j = t = x = 0;
temp = 0;
//always initialize the arrays with zero
ZeroMemory( Sbox, sizeof( Sbox ) );
ZeroMemory( Sbox2, sizeof( Sbox2 ) );
//initialize sbox i
for( i = 0; i < 256U; i++ )
{
Sbox[i] = ( TCHAR )i;
}
j = 0;
//whether user has sent any inpur key
if( keylen )
{
//initialize the sbox2 with user key
for( i = 0; i < 256U ; i++ )
{
if( j == keylen )
{
j = 0;
}
Sbox2[i] = key[j++];
}
}
else
{
//initialize the sbox2 with our key
for( i = 0; i < 256U ; i++ )
{
if( j == OurKeyLen )
{
j = 0;
}
Sbox2[i] = OurUnSecuredKey[j++];
}
}
j = 0 ; //Initialize j
//scramble sbox1 with sbox2
for( i = 0; i < 256; i++ )
{
j = ( j + ( unsigned long ) Sbox[i] + ( unsigned long ) Sbox2[i] ) % 256U ;
temp = Sbox[i];
Sbox[i] = Sbox[j];
Sbox[j] = temp;
}
i = j = 0;
for( x = 0; x < inplen; x++ )
{
//increment i
i = (i + 1U) % 256U;
//increment j
j = (j + ( unsigned long ) Sbox[i] ) % 256U;
//Scramble SBox #1 further so encryption routine will
//will repeat itself at great interval
temp = Sbox[i];
Sbox[i] = Sbox[j] ;
Sbox[j] = temp;
//Get ready to create pseudo random byte for encryption key
t = ( ( unsigned long ) Sbox[i] + ( unsigned long ) Sbox[j] ) % 256U ;
//get the random byte
k = Sbox[t];
//xor with the data and done
inp[x] = ( inp[x] ^ k );
}
}
// Actual Program /////////////////////////////////////////////////////////////////////////////////////////////////
int main()
{
// To encrypt a text
TCHAR HelloCrypt[] = "ABCDEFGHIJKLMNOPQRSTUVWXY1234567890";
// We do not enter the key so we will be using default key provide by the crypt routine
Crypt(HelloCrypt, _tcslen(HelloCrypt));
// Saving encrypted string to file //////////////
if( NULL!=( File=fopen( "example.bin" , "wb") ) ) // Check to see if the existing file is write protected
{
File=fopen( "example.bin" , "wb" ); // Save binary contents of HelloCrypt
for( A = 0; A < _tcslen( HelloCrypt ); A++ )
{
fseek( File, A, SEEK_SET );
fwrite( &HelloCrypt[A], 1, 1, File );
}
printf( "Information saved! SUCCESS...\n" );
fclose( File );
printf( "%s\n\n", HelloCrypt ); // Print contents on screen
}
else printf( "Unable to create file!\n\n" );
// Reading crypted file and decrypt content /////
if( NULL!=( File=fopen( "example.bin" , "r") ) ) // Check to see if the file exists
{
File=fopen( "example.bin" , "r" ); // Read binary contents from file to HelloCrypt
for( A = 0; A < _tcslen( HelloCrypt ); A++ )
{
fseek( File, A, SEEK_SET );
fread( &HelloCrypt[A], 1, 1, File );
}
printf( "Information read! SUCCESS...\n" );
fclose( File );
Crypt( HelloCrypt, _tcslen( HelloCrypt ) ); // Decrypt content in file
printf( "%s\n\n", HelloCrypt ); // Print contents on screen
}
else printf( "File Access Failure!\n\n" );
////////////////////////////////////////////////////////////////////////////////
// If we have to supply a key we have to use crypt as follows:
// TCHAR Data[] = "abcdefghijklmnopqrstuvwxyz"
// TCHAR Key[] = "Strong key";
// Encrypt:
// Crypt(Data, _tcslen(Data), Key, _tcslen(Key));
// Decrypt
// Crypt(Data, _tcslen(Data), Key, _tcslen(Key));
/////////////////////////////////////////////////////////////////////////////
return 0;
}
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
|
|
|
|
|
|
The final part of the algorithm does an XOR that could give out \x0000 (Unicode NULL) for certain combination of characters, hence the string length of the encrypted value gets shorted and reverse process doesn't work at times. (Due to _tcslen use)
However I have over come this by tweaking the algorithm a little bit so that never a character gets encrypted to \x0000. (if final encrypted char is null then insert the original char, reverse process also works for this) I have tested this. This may weaken the encryption strength but you have a encrypted key that could be decrypted to the correct value.
Anonymous
|
| Sign In·View Thread·PermaLink | 1.00/5 (1 vote) |
|
|
|
|
|
|
|
|
|
Here it is, the part I changed:
//xor with the data and done
//inp[x] = ( inp[x] ^ k );
if ((inp[x] ^ k) == _T('\x0000'))
{inp[x] = inp[x] ;}
else
{inp[x] = (inp[x] ^ k);}
////// XOR is done only if the result is not a NULL \\\\\\\
Let me know if you can make it better, or find another way of doing it.
Shankar
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
Looking at the code, it doesn't look like there is anything random about it, but in the message it says that "...encrypt we always pick a random byte from the key and encrypt the text with that..."
Wouldn't that make it impossible to come back to the source string, unless you pick the same random key?
Looking over hte code, it looks like it doesn't do that, but I still notice different encryptions for the same string, could anybody enlighten me?
|
| Sign In·View Thread·PermaLink | 5.00/5 (1 vote) |
|
|
|
|
|
|
Note that he is talking about 'psuedo-random' byte . It is always psuedo-random and not really random.
With my tests on this code it always produces the same encryption for the same string for the same key.
Anand
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
newbie here, beware
thanks for the code, how can i convert from a CString?
tried
CString tm;
tm = "Test String";
LPTSTR lpsz = new TCHAR[tm.GetLength()+1];
_tcscpy(lpsz, tm);
TCHAR HelloCrypt[] = lpsz;
i get, "cannot convert char * to char []".
i've tried everything i can think of, any helps really appreciated
shotgun
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
I've been looking for some code to deal specifically with strings, something a little above basic XOR, the only purpose to provide fast and small routines ( not particulary strong ) to hinder reverse engineering. All attempts by me so far have failed... they have all had bugs in them, don't suppose anyone has any ideas....
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
Change the following code from this ......
//Encrypt
Crypt(Data, _tcslen(Data), Key, _tcslen(Data));
//Decrypt
Crypt(Data, _tcslen(Data), Key, _tcslen(Data));
to this ......
//Encrypt
Crypt(Data, _tcslen(Data), Key, _tcslen(Key));
//Decrypt
Crypt(Data, _tcslen(Data), Key, _tcslen(Key));
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
The RC4 algorithm was designed in RSA Labratories by Ron Rivest in 1987. Rodney Thayer and Kalle Kaukonen documented it (read: reverse engineered it) and published it as an Internet Draft (http://www3.pkiclue.com/publications/draft-kaukonen-cipher-arcfour-01.txt); however, I'm not sure they were the first to do it.
It is important to make clear that RC4 already has several known weaknesses, and should therefore not be used today; this includes the implementation presented in this article. There are several better alternatives available, such as the new encryption standard AES (Rijndael), Twofish or Blowfish. Always pick an algorithm that doesn't have known weaknesses (that can't be avoided), and one that has undergone intensive peer review. And if security is of great importance, consult an expert.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
|
|
|
If you would like to check out a Library for this type of stuff, check this site out Crypto++ 4.2 or you can go to a page in CodeProject that I wrote using this library called Cryptest.
Regards,
Dan
|
| Sign In·View Thread·PermaLink | 1.00/5 (1 vote) |
|
|
|
|
|
|
Crypto++, as Dan pointed out, is an excellent choice if you're programming in C++. Should you be working in C, there are many alternative implementations to be found here: ftp://ftp.hacktic.nl/pub/crypto/libraries/
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
 General  News  Question  Answer  Joke  Rant  Admin
|
