Sparda Posted March 7, 2008

I had to write a program that uses password based encryption for an assignment. I just wonder if anyone fancies a go at testing its effectiveness.

As per password based encryption design, we have to save a salt, the encrypted session key and the encrypted text of course. That is exactly what is in this file.

A few more details that you might want if you don't feel like you want to run into a dark room with a blindfold on:

Its inputs are all text (its only inputs being the password and plain text).

The program is written in Java 1.6, the contents of the file are object outputs, they were output in the order of salt, encrypted session key and encrypted text as byte arrays, so to read them back in you need to do something like this:

salt = (byte[])objectIn.readObject();
encryptedKey = (byte[])objectIn.readObject();
encryptedText = (byte[])objectIn.readObject();

The method used to produce the salt is:

The key encryption key (which is used to encrypt the session key) output is always 35 characters long. To generate this the program takes the first byte of the password and salt, multiplies them together and then modulo 127. It does that for every byte, when it gets to the end of the password it just starts at the front of the password (even if longer than 35), as, every time it reaches the 35th byte of the hash, it starts again, except the first byte of the password has been moved to be the last byte of the password. It iterates through this process 100 times.

The session key is randomly generated. The session key is also 35 bytes.

The encryption key is cut down to match the length of the plain text (this is probably its weak spot, so the encrypted text is the same length as the unencrypted text).

The plain text and session key are XORed to produce the encrypted text (which is the last object in the file). Then the session key is XORed with the key encryption key, this is the second object in the file.

The key encryption key is not saved.

I'm not asking anyone to do any work for me, just wonder if anyone can prove that my encryption is rubbish and how I can improve on it.

Edit: Just post the numeric values of the bytes in each array if you manage to crack it. I know it's vulnerable to brute force as is all encryption. I'm more concerned about design or algorithm flaws (such as splitting the password in half like a certain OS likes to do). If you don't want to tell me about any flaws you find before I hand in my assignment, wait until Tuesday.
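Added example, not part of the original post or the submitted assignment: a Java sketch of the two stored arrays as the post describes them, showing that XORing the encrypted session key with the encrypted text cancels the random session key. The `kek` bytes are a random stand-in for the password-and-salt derivation (an assumption, since the post's derivation is not reproduced here), and the class and method names are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Arrays;

// Illustration only: models the stored values described in the post.
public class XorWrapDemo {
    static final int KEY_LEN = 35; // key length stated in the post

    // XOR the first n bytes of a and b.
    static byte[] xor(byte[] a, byte[] b, int n) {
        byte[] out = new byte[n];
        for (int i = 0; i < n; i++) {
            out[i] = (byte) (a[i] ^ b[i]);
        }
        return out;
    }

    // True when (encryptedText XOR encryptedKey) equals (plain XOR kek),
    // i.e. the session key has dropped out of the stored data.
    static boolean sessionKeyCancels(byte[] kek, byte[] sessionKey, byte[] plain) {
        int n = plain.length; // the post truncates the key to the text length
        byte[] encryptedKey = xor(sessionKey, kek, KEY_LEN); // 2nd object in the file
        byte[] encryptedText = xor(plain, sessionKey, n);    // 3rd object in the file
        byte[] combined = xor(encryptedText, encryptedKey, n);
        return Arrays.equals(combined, xor(plain, kek, n));
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] kek = new byte[KEY_LEN];        // assumed stand-in for the derived key
        byte[] sessionKey = new byte[KEY_LEN]; // random session key, as in the post
        rng.nextBytes(kek);
        rng.nextBytes(sessionKey);
        // Constructed sample plain text, shorter than 35 bytes.
        byte[] plain = "constructed sample text".getBytes("US-ASCII");
        System.out.println("session key cancels: "
                + sessionKeyCancels(kek, sessionKey, plain));
    }
}
```

Because the session key drops out, the stored data is protected only as well as the plain text XORed directly with the key encryption key, so the strength of the scheme rests entirely on how that key is derived from the password and salt.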
Sparda Posted March 10, 2008

Does anyone care to comment with a yes/no response to:

"Does my program contain any more flaws other than that of the encryption key being cut down to match the length of the plain text?"
snakey Posted March 10, 2008

There are always flaws
Sparda Posted March 10, 2008

> There are always flaws

Yes of course. That's a given. I'm talking about blatantly obvious ones.
PoyBoy Posted March 19, 2008

I'd be glad to. I know a bit about basic encryption. Drop me a line on Skype: poyboy314159
Sparda Posted April 11, 2008

Just for a bit of closure, I got the assignment back and it got me a B. Apparently I had to display the randomly generated salt and session keys on the GUI.

The code submitted is here. See if you can find a return that probably shouldn't belong ;)