Re: Security - Best Encryption Tool

From: Schmidt (sss_at_online.de)
Date: 06/01/04


Date: Tue, 1 Jun 2004 17:40:33 +0200


"gaurav khanna" <gaurav.khanna@wipro.com> wrote in message
news:dc575aed.0406010641.4d6cda4b@posting.google.com...

> The workaround I decided on was to use the dll provided by the tool.
> Write some login to generate dynamically private key for each of the
> registered users based on his profile. Store this logic in a dll and
> somehow secure this logic, so that nobody is able to access it. But
> how to secure the logic is a concern, as dll can also be hacked to
> view its contents.

You should use the Login-Password (PW) and do a SHA1(PW & SomeFixedKey).
This SHA1-Value shouldn't be made persistent, so it only exists in Memory and
can be used as private Key for en-/decrypting CreditCard-Info.
Changing the User-PW should be done with a transaction:
1. Show Dlg to get the old and the new PW (new PW twice).
2. Check, if NewPW1=NewPW2.
3. Check against your UserDatabase, that SHA1(OldPW)=CurrentPWInDataBase.
4. If successful, then decrypt creditcard-info with SHA1(OldPW &
   SomeFixedKey) as the private key.
5. Encrypt creditcard-info with SHA1(NewPW & SomeFixedKey) as the private
   key.
6. Store the new PW and encrypted creditcard-info in the DataBase.
7. If no error inside transaction then commit else rollback.

For secure encryption a simple RC4 should do it with a 160Bit (SHA1-hashed)
Private Key.

Sub ArcFour(B() As Byte, BK() As Byte) '16 MB/sec on PIII 1 GHz
Dim i&, j&, k&, UB&, CC&, X As Byte, C(255) As Byte, T(255) As Byte
  On Error Resume Next
  UB = UBound(B): CC = UBound(BK) + 1
  If Err Then Err.Clear: Exit Sub
  On Error GoTo 0
  'Init Key-Arrays
  For i = 0 To 255: C(i) = i: T(i) = BK(i Mod CC): Next
  For i = 0 To 255
    j = (j + C(i) + T(i)) Mod 256
    X = C(i): C(i) = C(j): C(j) = X
  Next i
  'Crypt
  i = 0: j = 0
  For k = 0 To UB
    i = (i + 1) Mod 256: j = (j + C(i)) Mod 256
    X = C(i): C(i) = C(j): C(j) = X
    B(k) = B(k) Xor C((CInt(C(i)) + C(j)) Mod 256)
  Next k
End Sub

Usage then:
'SHA1HexString and SHA1Bytes are SHA1 helper functions not shown in this post
Private Function EncryptCreditcardInfo$(CI As String, PK As String)
Dim B() As Byte
    'Prepend the 40-char SHA1 hex digest of CI, then encrypt in place
    B = StrConv(SHA1HexString(CI) & CI, vbFromUnicode)
    ArcFour B, SHA1Bytes(PK)
    EncryptCreditcardInfo = StrConv(B, vbUnicode)
End Function

Private Function DecryptCreditcardInfo$(eCI As String, PK As String)
Dim B() As Byte
    B = StrConv(eCI, vbFromUnicode)
    ArcFour B, SHA1Bytes(PK)
    'Skip the 40-char SHA1 hex digest prefix
    DecryptCreditcardInfo = Mid$(StrConv(B, vbUnicode), 41)
End Function

Olaf
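
The password-change transaction from the post above, sketched in Python as an added example (not the poster's code). It additionally checks the SHA1 prefix on decryption so a wrong password is rejected rather than returning garbage. FIXED_KEY, pw_hash, the record dictionary layout and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

FIXED_KEY = b"SomeFixedKey"  # constructed stand-in for the post's SomeFixedKey

def pw_hash(password: str) -> str:
    return hashlib.sha1(password.encode()).hexdigest()  # value stored in the user table

def derive_key(password: str) -> bytes:
    # SHA1(PW & SomeFixedKey): 160-bit key, held in memory only, never stored
    return hashlib.sha1(password.encode() + FIXED_KEY).digest()

def arcfour(data: bytes, key: bytes) -> bytes:
    # RC4 as in the post's ArcFour; the same call encrypts and decrypts
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def encrypt_card(card: str, password: str) -> bytes:
    data = card.encode()  # 40-char SHA1 hex digest is prepended, as in the post
    return arcfour(hashlib.sha1(data).hexdigest().encode() + data, derive_key(password))

def decrypt_card(blob: bytes, password: str) -> str:
    plain = arcfour(blob, derive_key(password))
    digest, card = plain[:40], plain[40:]
    if not hmac.compare_digest(hashlib.sha1(card).hexdigest().encode(), digest):
        raise ValueError("wrong password or corrupted data")
    return card.decode()

def change_password(record: dict, old_pw: str, new_pw1: str, new_pw2: str) -> dict:
    """Steps 2-7: returns a new record; any error leaves the old one untouched."""
    if new_pw1 != new_pw2:
        raise ValueError("new passwords differ")
    if not hmac.compare_digest(pw_hash(old_pw), record["pw_hash"]):
        raise ValueError("old password incorrect")
    card = decrypt_card(record["card"], old_pw)
    return {"pw_hash": pw_hash(new_pw1), "card": encrypt_card(card, new_pw1)}
```

Because the key depends only on the password, every value encrypted under one password uses the same RC4 keystream.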


