Re: Security - Best Encryption Tool

From: Schmidt (
Date: 06/01/04

Date: Tue, 1 Jun 2004 17:40:33 +0200

"gaurav khanna" <> wrote in message

> The workaround I decided on was to use the DLL provided by the tool.
> Write some logic to dynamically generate a private key for each of the
> registered users based on his profile. Store this logic in a DLL and
> somehow secure this logic, so that nobody is able to access it. But
> how to secure the logic is a concern, as a DLL can also be hacked to
> view its contents.

You should use the Login-Password (PW) and do a SHA1(PW & SomeFixedKey).
This SHA1-Value shouldn't be made persistent, so it only exists in Memory and
can be used as private Key for en-/decrypting CreditCard-Info.
Changing the User-PW should be done with a transaction:
1. Show Dlg to get the old and the new PW (new PW twice).
2. Check, if NewPW1=NewPW2.
3. Check against your UserDatabase, that SHA1(OldPW)=CurrentPWInDataBase.
4. If successful, then decrypt creditcard-info with SHA1(OldPW &
SomeFixedKey) as the private key.
5. Encrypt creditcard-info with SHA1(NewPW & SomeFixedKey) as the private
6. Store the new PW and encrypted creditcard-info in the DataBase.
7. If no error inside transaction then commit else rollback.

For secure encryption a simple RC4 should do it with a 160Bit (SHA1-hashed)
Private Key.

Sub ArcFour(B() As Byte, BK() As Byte) '16 MB/sec on PIII 1 GHz
'B = data, en-/decrypted in place; BK = key bytes
Dim i&, j&, k&, UB&, CC&, X As Byte, C(255) As Byte, T(255) As Byte
  'UBound raises an error on an uninitialized array: leave in that case
  On Error Resume Next
  UB = UBound(B): CC = UBound(BK) + 1
  If Err Then Err.Clear: Exit Sub
  On Error GoTo 0
  'Init Key-Arrays
  For i = 0 To 255: C(i) = i: T(i) = BK(i Mod CC): Next
  'Key scheduling: permute C with the key bytes
  For i = 0 To 255
    j = (j + C(i) + T(i)) Mod 256
    X = C(i): C(i) = C(j): C(j) = X
  Next i
  'Keystream generation, XORed onto the data
  i = 0: j = 0
  For k = 0 To UB
    i = (i + 1) Mod 256: j = (j + C(i)) Mod 256
    X = C(i): C(i) = C(j): C(j) = X
    B(k) = B(k) Xor C((CInt(C(i)) + C(j)) Mod 256)
  Next k
End Sub

Usage then:
'SHA1HexString and SHA1Bytes are helper functions not shown in this post
Private Function EncryptCreditcardInfo$(CI As String, PK As String)
Dim B() As Byte
    'Prefix the plaintext with its 40-character SHA1 hex digest
    B = StrConv(SHA1HexString(CI) & CI, vbFromUnicode)
    ArcFour B, SHA1Bytes(PK)
    EncryptCreditcardInfo = StrConv(B, vbUnicode)
End Function

Private Function DecryptCreditcardInfo$(eCI As String, PK As String)
Dim B() As Byte
    B = StrConv(eCI, vbFromUnicode)
    ArcFour B, SHA1Bytes(PK)
    'Skip the 40-character SHA1 hex prefix
    DecryptCreditcardInfo = Mid$(StrConv(B, vbUnicode), 41)
End Function
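
The password-change transaction and the SHA1-prefixed record format from the post above, as an added Python example that is not part of the original post; unlike the posted DecryptCreditcardInfo, it verifies the SHA1 prefix before returning the data. The table layout, the names derive_key, change_password and demo_db, the FIXED_KEY placeholder and the sample row are assumptions made for this example.

```python
import hashlib, hmac, sqlite3

FIXED_KEY = b"SomeFixedKey"  # placeholder for the post's SomeFixedKey (assumption)

def rc4(key: bytes, data: bytes) -> bytes:
    s = list(range(256)); j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0; out = bytearray()
    for b in data:                             # keystream XORed onto the data
        i = (i + 1) % 256; j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def derive_key(pw: str) -> bytes:              # SHA1(PW & SomeFixedKey), kept in memory only
    return hashlib.sha1(pw.encode() + FIXED_KEY).digest()

def encrypt_ci(ci: str, pw: str) -> bytes:     # record = RC4(SHA1hex(CI) & CI)
    plain = ci.encode()
    return rc4(derive_key(pw), hashlib.sha1(plain).hexdigest().encode() + plain)

def decrypt_ci(blob: bytes, pw: str) -> str:
    plain = rc4(derive_key(pw), blob)
    tag, body = plain[:40], plain[40:]
    if not hmac.compare_digest(hashlib.sha1(body).hexdigest().encode(), tag):
        raise ValueError("wrong key or corrupted record")
    return body.decode()

def change_password(db, user, old_pw, new1, new2):
    if new1 != new2:                           # step 2
        raise ValueError("new passwords differ")
    with db:                                   # step 7: commit, or roll back on any exception
        row = db.execute("SELECT pw_hash, ci FROM users WHERE name=?", (user,)).fetchone()
        if row is None or not hmac.compare_digest(row[0], hashlib.sha1(old_pw.encode()).hexdigest()):
            raise PermissionError("old password rejected")       # step 3
        ci = decrypt_ci(row[1], old_pw)                          # step 4
        db.execute("UPDATE users SET pw_hash=?, ci=? WHERE name=?",   # steps 5 and 6
                   (hashlib.sha1(new1.encode()).hexdigest(), encrypt_ci(ci, new1), user))

def demo_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT, ci BLOB)")
    # constructed sample row; 4111111111111111 is a standard test card number
    db.execute("INSERT INTO users VALUES (?,?,?)", ("alice",
               hashlib.sha1(b"old-pw").hexdigest(), encrypt_ci("4111111111111111", "old-pw")))
    db.commit()
    return db
```

In this scheme the key depends only on the password and the fixed key, so every encryption under one password reuses the same RC4 keystream.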