Results 1 to 5 of 5

Thread: Basics of Encryption and decryption

  1. #1
    Join Date
    Sep 2006
    Posts
    339
    Thanks
    15
    Thanked 21 Times in 16 Posts
    Qt products
    Qt3 Qt4
    Platforms
    Unix/X11 Windows

    Default Basics of Encryption and decryption

    Hi All,
    This is just to make clear some of the concepts used for encrypting and decrypting a file.

    I use crypto++ lib for reference.

    Some of common questions:
    1) What is a 'seed' in cryptography?
    2) I have a plain text file with size say '20kb'. When I encrypt the file the file size is increased. Why?
    3) crypto++ provides alogorithms to encrypt and decrypt the files. To either encrypt and decrypt we need to write some logic which can make use of algorithms.
    Consider for example I have this code snippet
    Qt Code:
    1. string EncryptString(const char *instr, const char *passPhrase)
    2. {
    3. string outstr;
    4.  
    5. DefaultEncryptorWithMAC encryptor(passPhrase, new HexEncoder(new StringSink(outstr)));
    6. encryptor.Put((byte *)instr, strlen(instr));
    7. encryptor.MessageEnd();
    8.  
    9. return outstr;
    10. }
    11.  
    12. string DecryptString(const char *instr, const char *passPhrase)
    13. {
    14. string outstr;
    15.  
    16. HexDecoder decryptor(new DefaultDecryptorWithMAC(passPhrase, new StringSink(outstr)));
    17. decryptor.Put((byte *)instr, strlen(instr));
    18. decryptor.MessageEnd();
    19.  
    20. return outstr;
    21. }
    To copy to clipboard, switch view to plain text mode 

    Now in the above code there is logic to encrypt and decrpt a string.
    1) Suppose there is a hacker who knows the passpharse of string and even know what alogorithm was used to encrypt it ( DefaultEncryptorWithMAC in above case). Is it possible for the hacker to decrypt the string with above information(only passpharse and algorithm used) ?
    2) What do I call the logic part written above in technical terms? Suppose I want to explain my peers about how I used the logic to encrypt and decrypt the files. Is this what you call 'seed'?
    3) I will encrypt a file with say AES::CBC mode and use passpharse 'hello123'. Now I have a friend in Poland whom I send the file by an attachment. I even reveal my passpharse and algorithm used (AES::CBC) but not the logic I have written to encode. Is it possible for my friend to decrypt the file using crypto++ lib?

    The above questions might sound stupid so please bear with me?
    Thanks

  2. #2
    Join Date
    Jan 2006
    Location
    travelling
    Posts
    1,116
    Thanks
    8
    Thanked 127 Times in 121 Posts
    Qt products
    Qt4
    Platforms
    Unix/X11 Windows

    Default Re: Basics of Encryption and decryption

    Quote Originally Posted by vermarajeev View Post
    1) Suppose there is a hacker who knows the passpharse of string and even know what alogorithm was used to encrypt it ( DefaultEncryptorWithMAC in above case). Is it possible for the hacker to decrypt the string with above information(only passpharse and algorithm used) ?
    If he has the same program as you or know how to write it it won't be a problem... Actually he might not even need such a program if he is as good as jacek...

    Quote Originally Posted by vermarajeev View Post
    2) What do I call the logic part written above in technical terms? Suppose I want to explain my peers about how I used the logic to encrypt and decrypt the files. Is this what you call 'seed'?
    A seed is generally used to qualify an element of a random number generator but also has many other meanings... Your peers won't necessarily have knowledge of C++ programming and probably won't be willing to build the encyption/decryption program themselve (would they be able to do it and would they have proper tools...)

    Quote Originally Posted by vermarajeev View Post
    3) I will encrypt a file with say AES::CBC mode and use passpharse 'hello123'. Now I have a friend in Poland whom I send the file by an attachment. I even reveal my passpharse and algorithm used (AES::CBC) but not the logic I have written to encode. Is it possible for my friend to decrypt the file using crypto++ lib?
    Sure but, again, he will need some knowledge of C++, crypto++ and all the tools needed (i.e. compiler toolchain, library installed, ...) so this is probably not the right way to go...
    Current Qt projects : QCodeEdit, RotiDeCode

  3. #3
    Join Date
    Jan 2006
    Location
    Warsaw, Poland
    Posts
    5,372
    Thanks
    28
    Thanked 976 Times in 912 Posts
    Qt products
    Qt3 Qt4
    Platforms
    Unix/X11 Windows

    Default Re: Basics of Encryption and decryption

    Quote Originally Posted by vermarajeev View Post
    2) I have a plain text file with size say '20kb'. When I encrypt the file the file size is increased. Why?
    Because you use a block cipher which can encrypt only whole blocks.

    Quote Originally Posted by vermarajeev View Post
    3) I will encrypt a file with say AES::CBC mode and use passpharse 'hello123'.
    Still AES will be the strongest part of your encryption scheme. And AES is as strong as the password, which should remain secret.

  4. #4
    Join Date
    Sep 2006
    Posts
    339
    Thanks
    15
    Thanked 21 Times in 16 Posts
    Qt products
    Qt3 Qt4
    Platforms
    Unix/X11 Windows

    Default Re: Basics of Encryption and decryption

    Quote Originally Posted by jacek View Post
    Because you use a block cipher which can encrypt only whole blocks.


    Still AES will be the strongest part of your encryption scheme. And AES is as strong as the password, which should remain secret.
    So mean to say I shouldnt disclose my algorithm too... But if the hacker is really good like you( Jacek ) he can try all the combinations to guess what algorithm I have used. Isnt that possible???

    Again since I have written a program to encrypt and decrypt the files using blocks, will it matter?? as the hacker wont be aware of the program I have written. And he needs to first design the program and logic I have used to encrypt and decrypt.

    Sure but, again, he will need some knowledge of C++, crypto++ and all the tools needed (i.e. compiler toolchain, library installed, ...) so this is probably not the right way to go...
    What if he is an expert in some scripting language like perl or ruby. It can also be Java, but doesnt know C++...
    Suppose I just encrypted the file ( AES::CBC ) and send it. My friend receives the encrypted file and he knows my 'passpharse' but he doesnt know what program, what language etc. But he guessed it is in AES::CBC. Now he writes a perl program ( his own ) to decrypt the file with same passpharse. Is he going to succeed? Can he decrypt the file? This case happened to me and my friend says ' FILE IS NOT DECRYPTING '. So what should I say the file was encrypted perfectly and is safe.

  5. #5
    Join Date
    Jan 2006
    Location
    Warsaw, Poland
    Posts
    5,372
    Thanks
    28
    Thanked 976 Times in 912 Posts
    Qt products
    Qt3 Qt4
    Platforms
    Unix/X11 Windows

    Default Re: Basics of Encryption and decryption

    Quote Originally Posted by vermarajeev View Post
    So mean to say I shouldnt disclose my algorithm too...
    A good algorithm is the one that is public and it's still secure. The key is what should be protected.

    Quote Originally Posted by vermarajeev View Post
    he can try all the combinations to guess what algorithm I have used. Isnt that possible???
    Of course it is. There is a limited number of good well-known algorithms. Note that if you use a DLL with encryption routines, one can easily check which one you use simply by checking imported symbols.

    Quote Originally Posted by vermarajeev View Post
    Again since I have written a program to encrypt and decrypt the files using blocks, will it matter?? as the hacker wont be aware of the program I have written. And he needs to first design the program and logic I have used to encrypt and decrypt.
    If the hacker won't have access to your program, his job will be harder, but if the user chooses a good password, he won't be able to do anything without knowing it first.

    Quote Originally Posted by vermarajeev View Post
    Suppose I just encrypted the file ( AES::CBC ) and send it. My friend receives the encrypted file and he knows my 'passpharse' but he doesnt know what program, what language etc. But he guessed it is in AES::CBC. Now he writes a perl program ( his own ) to decrypt the file with same passpharse. Is he going to succeed?
    AES in CBC mode works the same regardless of the programming language, but to decrypt the message, apart from the algorithm, mode and password, you have to know the IV, how was the key derived from the pass phrase and what padding method was used.

  6. The following user says thank you to jacek for this useful post:

    vermarajeev (26th April 2007)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Digia, Qt and their respective logos are trademarks of Digia Plc in Finland and/or other countries worldwide.