Re: Security - Best Encryption Tool
From: Schmidt (sss_at_online.de)
Date: 06/01/04
- Next message: Johanna Espinosa: "RE: Reverse Encryption in .NET"
- Previous message: Ken Halter: "Re: Security - Best Encryption Tool"
- In reply to: gaurav khanna: "Security - Best Encryption Tool"
- Next in thread: Alek Davis: "Re: Security - Best Encryption Tool"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 1 Jun 2004 17:40:33 +0200
"gaurav khanna" <gaurav.khanna@wipro.com> schrieb im Newsbeitrag
news:dc575aed.0406010641.4d6cda4b@posting.google.com...
> The work round I decided was to use the dll provided by the tool.
> Write some login to generate dynamically private key for each of the
> registered users based on his profile. Store this logic in a dll and
> some how secure this logic, so that no body is able to access it. But
> how to secure the logic is a concern, as dll can also be hacked to
> view its contents.
You should use the Login-Password (PW) and do a SHA1(PW & SomeFixedKey).
This SHA1-Value shouldn't made persistent, so it only exists in Memory and
can be used as private Key for en-/decrypting CreditCard-Info.
Changing the User-PW should be done with a transaction:
1. Show Dlg to get the old and the new PW (new PW twice).
2. Check, if NewPW1=NewPW2.
3. Check against your UserDatabase, that SHA1(OldPW)=CurrentPWInDataBase.
4. If succesful, then decrypt creditcard-info with SHA1(OldPW &
SomeFixedKey) as the private key.
5. Encrypt creditcard-info with SHA1(NewPW & SomeFixedKey) as the private
key.
6. Store the new PW and encrypted creditcard-info in the DataBase.
7. If no error inside transaction then commit else rollback.
For secure encryption a simple RC4 should do it with a 160Bit (SHA1-hashed)
Private Key.
Sub ArcFour(B() As Byte, BK() As Byte) '16 MB/sec on PIII 1 GHz
Dim i&, j&, k&, UB&, CC&, X As Byte, C(255) As Byte, T(255) As Byte
On Error Resume Next
UB = UBound(B): CC = UBound(BK) + 1
If Err Then Err.Clear: Exit Sub
On Error GoTo 0
'Init Key-Arrays
For i = 0 To 255: C(i) = i: T(i) = BK(i Mod CC): Next
For i = 0 To 255
j = (j + C(i) + T(i)) Mod 256
X = C(i): C(i) = C(j): C(j) = X
Next i
'Crypt
i = 0: j = 0
For k = 0 To UB
i = (i + 1) Mod 256: j = (j + C(i)) Mod 256
X = C(i): C(i) = C(j): C(j) = X
B(k) = B(k) Xor C((CInt(C(i)) + C(j)) Mod 256)
Next k
End Sub
usage then:
Private Function EncryptCreditcardInfo$(CI as String, PK as String)
Dim B() as Byte
B=Strconv(SHA1HexString(CI) & CI, vbFromUnicode)
ArcFour B, SHA1Bytes(PK)
EncryptCreditcardInfo = StrConv(B, vbUnicode)
End Function
Private Function DecryptCreditcardInfo$(eCI as String, PK as String)
Dim B() as Byte
B=Strconv(eCI, vbFromUnicode)
ArcFour B, SHA1Bytes(PK)
DecryptCreditcardInfo = Mid$(StrConv(B, vbUnicode), 41)
End Function
Olaf
- Next message: Johanna Espinosa: "RE: Reverse Encryption in .NET"
- Previous message: Ken Halter: "Re: Security - Best Encryption Tool"
- In reply to: gaurav khanna: "Security - Best Encryption Tool"
- Next in thread: Alek Davis: "Re: Security - Best Encryption Tool"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
