Re: Editor crypt



On 01/21/2011 03:45 PM, Paulo Marques wrote:
DasFox wrote:
On Fri, 21 Jan 2011 14:52:31 +0100, pahm wrote:

I found an editor, Notepad + +, which has the ability to encrypt the
content of the file you are working. Can you tell me if you feel
reliable as the encryption system?

http://notepad-plus-plus.org/

http://sourceforge.net/projects/npp-plugins/files/SecurePad/SecurePad.v1.0.bin.zip

Deduce it using Tech as your guide...

Open source...pear review...C++...Green Mission...

RECOMMENDED...

You didn't really look at the code, did you?

I just went for a quick look to see if the code at least made sure the
memory used to hold the key was erased after encryption, but what I
found was much, much worse.

The "encryption" function consists of:

// TODO: Make this more advanced/secure
void strcrypt2(char *str, char *pwd)
{
long strl = (long)strlen(str);
long pwdl = (long)strlen(pwd);

for(long i = 0; i < strl; i++)
{
char c = str[i] ^ pwd[i % pwdl];

if(c != 0)
str[i] = c;
}
}

i.e., it is the worst N-time pad I've ever seen.

The password can probably be recovered "by hand" by just looking at the
pattern to figure the password length and then looking at the
"unconverted" characters that are the same as the password at that
position. Breaking this with a computer is not even funny.

Hm, Ok.

I didn't review the editor nor the source code.

If I could make something easy using instant GPG encryption/decryption,
would there be any interest? (since there are so many alternatives)

Just someone who's interested.


--
GPG_Decrypt:
Write('Password: '); ReadLn(USERINPUT);
if (USERINPUT=empty) then goto CleanUp;
Tmp := Format('--no-options --no-default-keyring --dry-run
--passphrase "%s" "%s"', [USERINPUT, FullFilePath(5)]);
ShellExecute(MainWnd, 'open', PChar(FullFilePath(4)), PChar(Tmp), nil,
SW_HIDE);
Sleep(1000);
if not FileExists(FullFilePath(6)) then goto GPG_Decrypt;
.