Re: Cross platform password string encryption


Tom St Denis wrote:
Zief wrote:
I am currently searching for implementations of any of the free to use
encryption algorithms that will work on Delphi 7 on Windows and on the
Pocket PC using C# .NET Compact Framework, to encrypt and decrypt
strings.

Use C?

Despite the random poster, few people use Delphi or C# compared to C
and C++ which is why it's harder to find stuff for it.

Aren't you the one who keeps insisting that Google is your friend? I
had no problem finding half a dozen Pascal/Delphi implementations of
Blowfish in no time. <g>

The one in here is mine and tested against the test vectors:
http://sourceforge.net/projects/openstrsecii.

On a serious note, though, IME using an implementation written in C is
really only an advantage if it makes you able to use the same code on
both platform targets and if the implementation has been tested on both
platform targets. Otherwise it *really* doesn't matter which language
is used, because there are a number of potential problems that are far
more likely to be a concern:

1. The algorithm implementations are not compatible. E.g. one complies
with the test vectors and the other one doesn't, or one doesn't comply
with the test vectors on the platform target it is used for.

2. The consuming code doesn't use the library code in the right way.
E.g.
2.a. The key schedule routine is skipped and the developer is passing
a raw key directly to the encrypt routine.
2.b The IV is ignored and the two implementations handle that
differently (e.g. one is using a string of zero octets while the other
one generates one at random and prepends it to the cipher text and
presumes the encryptor did the same if used for decryption).

3. Either implementation might have options to use a KDF for processing
key data before passing it to the standard key schedule.

4. Either implementation might have options to use padding, which might
do anything from just appending PKCS last block padding to calculating
a MAC and putting the ciphertext in a packet for SSH transport.

5. The consuming code is trying to pass strings to the routines and
doesn't take proper care to ensure the format is correct. E.g. UTF16LE
Unicode strings are used on .NET, while Delphi Win32 defaults to Ansi 8
bit strings. Similar problems might occur if either implementation
expects the key, the IV or the cipher text to have some transport
encoding such as Base64 or hexadecimal.

Etc. I could go on for quite a while, but you get the point.

.

Relevant Pages

  • Re: Cross platform password string encryption
    ... I happen to have solved it now, I ended up using the Delphi LockBox ... Also to those "posters" suggesting I use other languages, ... The consuming code doesn't use the library code in the right way. ... The consuming code is trying to pass strings to the routines and ...
    (sci.crypt)
  • Re: One-Time Pads [was: Re: Help: Randomizing a List of Numbers]
    ... > never repeat the use of one of those strings then throw away the key. ... Checking my home machine, I see the following: ... if I were to use a one-time pad to encrypt traffic ... A CD a month, or even a CD a week, would not be a distribution nightmare. ...
    (sci.crypt)
  • Re: Newbie data size encryption questions
    ... amount of data that I can encrypt without the system being insecure? ... For example, if i wanted to encrypts strings of say 5 or 10 characters, ... bytes for AES] and other modes like CTR would need an IV. ...
    (sci.crypt)
  • Re: Storing connection strings
    ... An answer will depend heavily on who you are trying to protect it from, ... might also encrypt the key value. ... again perhaps encrypted and the keys protected by ACLs. ... Search for "COM+ Object Constructor Strings". ...
    (microsoft.public.vb.database)
  • Re: Linux System Users Login/Password?
    ... So far I've managed to pull all of the shadow password strings out and into a database, but is there any way of 'matching' the encrypted strings if you are given the plain text version, like with md5? ... PHP has a function named 'crypt' that will encrypt strings in the same way the password is encrypted into the password file. ... Do you really want to pull all the shadow entries into a database? ...
    (comp.lang.php)