RE: CryptEncrypt question

Actually, that is not what I meant. The input is not an issue. The issue for
me is the output. It used characters like '\0xa\, '\0xd' etc. in the output.
Now again, that maybe how it is supposed to work. The problem for me is since
I use the generated output as part of another concatenated string and in turn
use tokens like '\0xd', it throws token processing off.

So again, if there is no way to prevent CryptEncrypt from generating certain
output characters, is there any safe characters I can use as a token at all?

Thanks.

"lelteto" wrote:

CryptEncrypt is (and should always be) "blind" for any "character". It works
on BINARY data, ie. any input byte can have any value (0 - 255 = 0x00 -
0xff). You cannot "ask" a CSP to "skip" certain characters.
Another issue is block encryption: In such case each of your lines would be
extended for full block size (and to know the length you would need padding
as well.)
Moreover, you cannot make sure encryption will not result in some more
"extra" characters. So even if you encrypt line by line you would get some
more "special" characters in the ciphertext.

All in all, encryption will not preserve any formatting (like line splitss,
Tab chars, etc). If you need that, you would have to create your own
"obfuscation" of your text line by line. Note, however, that this will almost
surely decrease the security - probably seriously. So unless your goal is
just to do some CASUAL obfuscation against the simplest users, you better NOT
try to go around proper cryptography (ie. CryptEncrypt).

Laszlo Elteto
SafeNet, Inc.

"Al" wrote:

I have used CryptEncrypt fine so far until I hit a issue recently. I am using
some tags such as '\n' and '\t' in order to tokenize a few strings. It turns
out that CryptEncrypt ofcourse can use these when encrypting. When that
happens, it obviously messes up things for me. I have a 2 part question:

1. Is there a way to tell the underlying CSP not to use some characters when
using the Crypto API's like CryptEncrypt?

2. What would be a few safe characters to use to tokenize which are
guaranteed not to be used by CryptEncrypt?

Thanks.
.

Relevant Pages

  • RE: XP password and encryption
    ... Windows NT 4 (I can't remember if it was part of the SP2 upgrade to ... (effectively limited to 14 characters), ... a one-way (non-reversible encryption) of variable size. ... > We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion ...
    (Security-Basics)
  • Re: Safe password?
    ... > I use an encryption program that uses AES-256 as its encryption ... > characters for this encryption type? ... The keyspace, expecially in the second case, would be far from the one ... collision resistent hash) to a random key of the length you desire; ...
    (sci.crypt)
  • Re: encryption
    ... advantages over 64-bit encryption if one chooses a password which is 8 ... characters or less? ... One of my pass phrases has more than 15 characters, ... and kept in a Keychain-like system. ...
    (comp.sys.mac.system)
  • Re: Storing input into a character array
    ... char enc; ... slots in the array enc until enc is filled up. ... If you don't want newline characters in your array, ... encryption, it does correctly output the 4 characters of the first row ...
    (comp.lang.c)
  • Re: Writing extended ascii characters to text file.
    ... John ... so in order to get real ASCII codes you should use the GetBytes ... >> I am just trying to port an existing simple encryption routine to C#. ... >> however when I encrypt the file, several characters are corrupted. ...
    (microsoft.public.dotnet.languages.csharp)