PDA

View Full Version : Basics of Encryption and decryption



vermarajeev
26th April 2007, 05:38
Hi All,
This is just to make clear some of the concepts used for encrypting and decrypting a file.

I use crypto++ lib for reference.

Some of common questions:
1) What is a 'seed' in cryptography?
2) I have a plain text file with size say '20kb'. When I encrypt the file the file size is increased. Why?
3) crypto++ provides alogorithms to encrypt and decrypt the files. To either encrypt and decrypt we need to write some logic which can make use of algorithms.
Consider for example I have this code snippet

string EncryptString(const char *instr, const char *passPhrase)
{
string outstr;

DefaultEncryptorWithMAC encryptor(passPhrase, new HexEncoder(new StringSink(outstr)));
encryptor.Put((byte *)instr, strlen(instr));
encryptor.MessageEnd();

return outstr;
}

string DecryptString(const char *instr, const char *passPhrase)
{
string outstr;

HexDecoder decryptor(new DefaultDecryptorWithMAC(passPhrase, new StringSink(outstr)));
decryptor.Put((byte *)instr, strlen(instr));
decryptor.MessageEnd();

return outstr;
}

Now in the above code there is logic to encrypt and decrpt a string.
1) Suppose there is a hacker who knows the passpharse of string and even know what alogorithm was used to encrypt it ( DefaultEncryptorWithMAC in above case). Is it possible for the hacker to decrypt the string with above information(only passpharse and algorithm used) ?
2) What do I call the logic part written above in technical terms? Suppose I want to explain my peers about how I used the logic to encrypt and decrypt the files. Is this what you call 'seed'?
3) I will encrypt a file with say AES::CBC mode and use passpharse 'hello123'. Now I have a friend in Poland whom I send the file by an attachment. I even reveal my passpharse and algorithm used (AES::CBC) but not the logic I have written to encode. Is it possible for my friend to decrypt the file using crypto++ lib?

The above questions might sound stupid so please bear with me?
Thanks

fullmetalcoder
26th April 2007, 08:42
1) Suppose there is a hacker who knows the passpharse of string and even know what alogorithm was used to encrypt it ( DefaultEncryptorWithMAC in above case). Is it possible for the hacker to decrypt the string with above information(only passpharse and algorithm used) ?
If he has the same program as you or know how to write it it won't be a problem... Actually he might not even need such a program if he is as good as jacek... ;)


2) What do I call the logic part written above in technical terms? Suppose I want to explain my peers about how I used the logic to encrypt and decrypt the files. Is this what you call 'seed'?
A seed is generally used to qualify an element of a random number generato (http://en.wikipedia.org/wiki/Random_seed)r but also has many other meanings (http://en.wikipedia.org/wiki/Seed_%28disambiguation%29)... Your peers won't necessarily have knowledge of C++ programming and probably won't be willing to build the encyption/decryption program themselve (would they be able to do it and would they have proper tools...)



3) I will encrypt a file with say AES::CBC mode and use passpharse 'hello123'. Now I have a friend in Poland whom I send the file by an attachment. I even reveal my passpharse and algorithm used (AES::CBC) but not the logic I have written to encode. Is it possible for my friend to decrypt the file using crypto++ lib?
Sure but, again, he will need some knowledge of C++, crypto++ and all the tools needed (i.e. compiler toolchain, library installed, ...) so this is probably not the right way to go...

jacek
26th April 2007, 11:14
2) I have a plain text file with size say '20kb'. When I encrypt the file the file size is increased. Why?
Because you use a block cipher which can encrypt only whole blocks.


3) I will encrypt a file with say AES::CBC mode and use passpharse 'hello123'.
Still AES will be the strongest part of your encryption scheme. And AES is as strong as the password, which should remain secret.

vermarajeev
26th April 2007, 12:20
Because you use a block cipher which can encrypt only whole blocks.


Still AES will be the strongest part of your encryption scheme. And AES is as strong as the password, which should remain secret.

So mean to say I shouldnt disclose my algorithm too... But if the hacker is really good like you( Jacek ) ;) he can try all the combinations to guess what algorithm I have used. Isnt that possible???

Again since I have written a program to encrypt and decrypt the files using blocks, will it matter?? as the hacker wont be aware of the program I have written. And he needs to first design the program and logic I have used to encrypt and decrypt.


Sure but, again, he will need some knowledge of C++, crypto++ and all the tools needed (i.e. compiler toolchain, library installed, ...) so this is probably not the right way to go...
What if he is an expert in some scripting language like perl or ruby. It can also be Java, but doesnt know C++...
Suppose I just encrypted the file ( AES::CBC ) and send it. My friend receives the encrypted file and he knows my 'passpharse' but he doesnt know what program, what language etc. But he guessed it is in AES::CBC. Now he writes a perl program ( his own ) to decrypt the file with same passpharse. Is he going to succeed? Can he decrypt the file? This case happened to me and my friend says ' FILE IS NOT DECRYPTING '. So what should I say the file was encrypted perfectly and is safe.

jacek
26th April 2007, 12:53
So mean to say I shouldnt disclose my algorithm too...
A good algorithm is the one that is public and it's still secure. The key is what should be protected.


he can try all the combinations to guess what algorithm I have used. Isnt that possible???
Of course it is. There is a limited number of good well-known algorithms. Note that if you use a DLL with encryption routines, one can easily check which one you use simply by checking imported symbols.


Again since I have written a program to encrypt and decrypt the files using blocks, will it matter?? as the hacker wont be aware of the program I have written. And he needs to first design the program and logic I have used to encrypt and decrypt.
If the hacker won't have access to your program, his job will be harder, but if the user chooses a good password, he won't be able to do anything without knowing it first.


Suppose I just encrypted the file ( AES::CBC ) and send it. My friend receives the encrypted file and he knows my 'passpharse' but he doesnt know what program, what language etc. But he guessed it is in AES::CBC. Now he writes a perl program ( his own ) to decrypt the file with same passpharse. Is he going to succeed?
AES in CBC mode works the same regardless of the programming language, but to decrypt the message, apart from the algorithm, mode and password, you have to know the IV, how was the key derived from the pass phrase and what padding method was used.