473,320 Members | 2,092 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Encrypt String

How can I encrypt and decrypt string?
Nov 16 '05 #1
14 7642

"msnews.microsoft.com" <da*********@hotmail.com> wrote in message
news:um**************@TK2MSFTNGP10.phx.gbl...
How can I encrypt
XOR it with a protection string of the same length of the string that you
are encrypting

and decrypt string?

XOR it with the exact same protection string


if you do not publish the protection string, your encrypted string in
unbreakable!

regards
roy fine
Nov 16 '05 #2
Hello
if you do not publish the protection string, your encrypted string in
unbreakable!


The XOR method is breakable is someone has an encrypted string and a clear
text string.
If you XOR the clear text string and the encrypted string you get the
protection string

The best way is to use the encryption methods in .NET crypto API in
System.Security.Cryptography namespace.
You can use DES, TripleDES, RC1 or Rijndael algorithms for symmetric
ecryption,
or RSA algorithm for asymmetric encryption
or SHA1 or MD5 for hashing.

Symmetric encryption has one key that is used for encryption and decryption.
Asymetric encryption has a public key and a private key. The public key is
used for encryption, and only they private key can decrypt the data.
With Hashing, which commonly used for passwords, there is no key. and the
process is irreversible, unless the password is too short, or easy to guess
(a name or dictionary word for example)
You can find more with examples on this in MSDN documentation.

Best regards,
Sherif
Nov 16 '05 #3

"Sherif ElMetainy" <el*************@wayout.net.NOSPAM> wrote in message
news:uA**************@TK2MSFTNGP11.phx.gbl...
Hello
if you do not publish the protection string, your encrypted string in
unbreakable!
The XOR method is breakable is someone has an encrypted string and a clear
text string.
If you XOR the clear text string and the encrypted string you get the
protection string


The following is a proven fact --
if you do not publish the protection string, your encrypted string in
unbreakable!


other methods are breakable, but not in finite time!

roy fine
Nov 16 '05 #4
> if you do not publish the protection string, your encrypted string in
unbreakable!
No, not quite!

If you have the facility to run your own code against the algorithm, it can
be easily broken. An example would be where you can read a password field in
a database, and see what your own (known) password "encrypts" to. Anyone
with basic cryptography knowledge should be able to glean the encryption key
within an hour. And being a symmetrical algorithm, you can run it against
all other passwords and get the plaintext.

Then you can try those passwords against other machines that the users may
have access to.... Your hacking career has begun!

Operating systems based on UNIX have been using salted encryption algorithms
for years. These are reasonably safe, although not unbreakable.

The "unbreakable" that you refer to is for one-time pads, and these are not
the norm in computer systems.

Regards

Ron
"Roy Fine" <rl****@twt.obfuscate.net> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
"Sherif ElMetainy" <el*************@wayout.net.NOSPAM> wrote in message
news:uA**************@TK2MSFTNGP11.phx.gbl...
Hello
if you do not publish the protection string, your encrypted string in
unbreakable!


The XOR method is breakable is someone has an encrypted string and a clear text string.
If you XOR the clear text string and the encrypted string you get the
protection string


The following is a proven fact --
if you do not publish the protection string, your encrypted string in
unbreakable!


other methods are breakable, but not in finite time!

roy fine

Nov 16 '05 #5
> if you do not publish the protection string, your encrypted string in
unbreakable!
No, not quite!

If you have the facility to run your own code against the algorithm, it can
be easily broken. An example would be where you can read a password field in
a database, and see what your own (known) password "encrypts" to. Anyone
with basic cryptography knowledge should be able to glean the encryption key
within an hour. And being a symmetrical algorithm, you can run it against
all other passwords and get the plaintext.

Then you can try those passwords against other machines that the users may
have access to.... Your hacking career has begun!

Operating systems based on UNIX have been using salted encryption algorithms
for years. These are reasonably safe, although not unbreakable.

The "unbreakable" that you refer to is for one-time pads, and these are not
the norm in computer systems.

Regards

Ron
"Roy Fine" <rl****@twt.obfuscate.net> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
"Sherif ElMetainy" <el*************@wayout.net.NOSPAM> wrote in message
news:uA**************@TK2MSFTNGP11.phx.gbl...
Hello
if you do not publish the protection string, your encrypted string in
unbreakable!


The XOR method is breakable is someone has an encrypted string and a clear text string.
If you XOR the clear text string and the encrypted string you get the
protection string


The following is a proven fact --
if you do not publish the protection string, your encrypted string in
unbreakable!


other methods are breakable, but not in finite time!

roy fine

Nov 16 '05 #6
Ron -- see inline

"Ron McNulty" <rm******@despam.xtra.co.nz> wrote in message
news:OM**************@tk2msftngp13.phx.gbl...
if you do not publish the protection string, your encrypted string in
unbreakable!
No, not quite!

If you have the facility to run your own code against the algorithm, it

can be easily broken. An example would be where you can read a password field in a database, and see what your own (known) password "encrypts" to. Anyone
with basic cryptography knowledge should be able to glean the encryption key within an hour. And being a symmetrical algorithm, you can run it against
all other passwords and get the plaintext.

I'll publish a file containing a stream of encrypted bytes. I'll keep the
encrypting stream hidden. I'll also tell you that the encrypting string is a
sequence of non-repeating random values (that was the basis of my first
post). I'll even publish the program/algorithm used to encrypt the data.
I'll offer you or anyone some great sum of money if you can find the message
hidden in the encrypted stream. I'll also tell you that the eleven
characters preceeding the hidden message are "HELLO WORLD". I'll give you
100 years to do the work. You get one shot at answering - i.e., you cant
make 1 million guesses.

Consider this link:
http://msdn.microsoft.com/library/de...techniques.asp

and as the length of the encrypting key approaches the length of the
original string/stream, so does the strength of the algorithm approach
"unbreakable".

Then you can try those passwords against other machines that the users may
have access to.... Your hacking career has begun!

Operating systems based on UNIX have been using salted encryption algorithms for years. These are reasonably safe, although not unbreakable.

SALT is not germain here. That is a technique used to make strong
algorithms stronger, but applies only to certain algorithms - not trivial
XOR scheme.
The "unbreakable" that you refer to is for one-time pads, and these are not the norm in computer systems.

No, the "unbreakable" that I refer to is really just simple unbreakable.
For short strings, XOR is far superior to other methods - it is faster, and
simpler to implement. The disadvantage of the XOR is that for true
unbreakable, the encoding string MUST be the same length as the original
string (i.e. no repeating patterns that could be used to break the code).
Because of the length requirement of the encoding string, the XOR method as
a general solution, it becomes unmanagable - but is is quite strong!

If I keep the encoding string private, then you can not break my encoded
string. But that in and of itself is not a limitation ofthe XOR scheme -
using any other algorithm, you either have a symetric key or a private key
that you also MUST keep private - the only difference is the size of the
required encoding key for arbitrary length input strings (or streams)...

regards
roy fine
ps - search google using this:
Xorring with a key as long as the message is the strongest encryption

here are a couple of additional links:
http://www.mit.edu:8008/bloom-picayu...edu/perl/10138

http://groups.google.com/groups?hl=e....psi.net#link6
Regards

Ron
"Roy Fine" <rl****@twt.obfuscate.net> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...

"Sherif ElMetainy" <el*************@wayout.net.NOSPAM> wrote in message
news:uA**************@TK2MSFTNGP11.phx.gbl...
Hello

> if you do not publish the protection string, your encrypted string in > unbreakable!

The XOR method is breakable is someone has an encrypted string and a clear text string.
If you XOR the clear text string and the encrypted string you get the
protection string


The following is a proven fact --
if you do not publish the protection string, your encrypted string in
unbreakable!


other methods are breakable, but not in finite time!

roy fine


Nov 16 '05 #7
Ron -- see inline

"Ron McNulty" <rm******@despam.xtra.co.nz> wrote in message
news:OM**************@tk2msftngp13.phx.gbl...
if you do not publish the protection string, your encrypted string in
unbreakable!
No, not quite!

If you have the facility to run your own code against the algorithm, it

can be easily broken. An example would be where you can read a password field in a database, and see what your own (known) password "encrypts" to. Anyone
with basic cryptography knowledge should be able to glean the encryption key within an hour. And being a symmetrical algorithm, you can run it against
all other passwords and get the plaintext.

I'll publish a file containing a stream of encrypted bytes. I'll keep the
encrypting stream hidden. I'll also tell you that the encrypting string is a
sequence of non-repeating random values (that was the basis of my first
post). I'll even publish the program/algorithm used to encrypt the data.
I'll offer you or anyone some great sum of money if you can find the message
hidden in the encrypted stream. I'll also tell you that the eleven
characters preceeding the hidden message are "HELLO WORLD". I'll give you
100 years to do the work. You get one shot at answering - i.e., you cant
make 1 million guesses.

Consider this link:
http://msdn.microsoft.com/library/de...techniques.asp

and as the length of the encrypting key approaches the length of the
original string/stream, so does the strength of the algorithm approach
"unbreakable".

Then you can try those passwords against other machines that the users may
have access to.... Your hacking career has begun!

Operating systems based on UNIX have been using salted encryption algorithms for years. These are reasonably safe, although not unbreakable.

SALT is not germain here. That is a technique used to make strong
algorithms stronger, but applies only to certain algorithms - not trivial
XOR scheme.
The "unbreakable" that you refer to is for one-time pads, and these are not the norm in computer systems.

No, the "unbreakable" that I refer to is really just simple unbreakable.
For short strings, XOR is far superior to other methods - it is faster, and
simpler to implement. The disadvantage of the XOR is that for true
unbreakable, the encoding string MUST be the same length as the original
string (i.e. no repeating patterns that could be used to break the code).
Because of the length requirement of the encoding string, the XOR method as
a general solution, it becomes unmanagable - but is is quite strong!

If I keep the encoding string private, then you can not break my encoded
string. But that in and of itself is not a limitation ofthe XOR scheme -
using any other algorithm, you either have a symetric key or a private key
that you also MUST keep private - the only difference is the size of the
required encoding key for arbitrary length input strings (or streams)...

regards
roy fine
ps - search google using this:
Xorring with a key as long as the message is the strongest encryption

here are a couple of additional links:
http://www.mit.edu:8008/bloom-picayu...edu/perl/10138

http://groups.google.com/groups?hl=e....psi.net#link6
Regards

Ron
"Roy Fine" <rl****@twt.obfuscate.net> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...

"Sherif ElMetainy" <el*************@wayout.net.NOSPAM> wrote in message
news:uA**************@TK2MSFTNGP11.phx.gbl...
Hello

> if you do not publish the protection string, your encrypted string in > unbreakable!

The XOR method is breakable is someone has an encrypted string and a clear text string.
If you XOR the clear text string and the encrypted string you get the
protection string


The following is a proven fact --
if you do not publish the protection string, your encrypted string in
unbreakable!


other methods are breakable, but not in finite time!

roy fine


Nov 16 '05 #8
Hello
XOR is breakable and below is a code to demonstrate, i am using ints, but
the same applies to strings

Random r = new Random();
int secret = r.Next(); // this is hidden
int clear = r.Next(); // i know this one
int encrypted = secret ^ clear; // i know this one too
int hacked = encrypted ^ clear; // now i know the secret
Console.WriteLine(hacked == secret);

Best regards
Sherif

"Roy Fine" <rl****@twt.obfuscate.net> wrote in message
news:#N**************@tk2msftngp13.phx.gbl...

"Sherif ElMetainy" <el*************@wayout.net.NOSPAM> wrote in message
news:uA**************@TK2MSFTNGP11.phx.gbl...
Hello
if you do not publish the protection string, your encrypted string in
unbreakable!


The XOR method is breakable is someone has an encrypted string and a clear text string.
If you XOR the clear text string and the encrypted string you get the
protection string


The following is a proven fact --
if you do not publish the protection string, your encrypted string in
unbreakable!


other methods are breakable, but not in finite time!

roy fine

Nov 16 '05 #9
Hello

Give me a clear text string, a string encrypted with your hidden key using
the XOR method.
Then give me another string encrypted with the same key, it will take me
less than one minute to decrypt it, because I will know the key.

Consider the following scenario.
Suppose I have a web site, where the member's passwords are stored encrypted
using XOR in a database.
Some how a hacker was able to gain access to the database (due to a security
hole, new vulnerability, unpatched server, bad administrator, etc), but he
doesn't have access to the key to decrypt the passwords.
So he registers a new account for himself in my web site (he knows the
password for this account because he created it), then he looks at his own
ecrypted password.
Now he can easily know the encryption key, and can decrypt all other
passwords.

Best regards
Sherif
Nov 16 '05 #10

"Sherif ElMetainy" <el*************@wayout.net.NOSPAM> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
Hello

Give me a clear text string, a string encrypted with your hidden key using
the XOR method.
OK - done!
Then give me another string encrypted with the same key, it will take me
less than one minute to decrypt it, because I will know the key.

No way - you must be crazy. I said to keep the encrypting key hidden - that
means hiding the key and all derivative forms of it! You are making up
stuff now. XOR is unbreakable, but it is a one time use, and it must be the
same size as the clear text string.

read the links i provided....

regards
roy fine

Consider the following scenario.
Suppose I have a web site, where the member's passwords are stored encrypted using XOR in a database.
Some how a hacker was able to gain access to the database (due to a security hole, new vulnerability, unpatched server, bad administrator, etc), but he
doesn't have access to the key to decrypt the passwords.
So he registers a new account for himself in my web site (he knows the
password for this account because he created it), then he looks at his own
ecrypted password.
Now he can easily know the encryption key, and can decrypt all other
passwords.

That's a good example of PSS - Pretty Stupid Security.

Please read the links I provided -- this case is clearly examined and dealt
with there!

The OP asked for one thing and one thing only - how to encrypt and decrypt a
string.

XOR works wonderfully if you can live with its restrictions - and that is
why there are many alternatives.

I never suggested using XOR as the only way, but until the OPs requirements
get a bit better defined, XOR is as good as it gets.

regards
roy fine
Best regards
Sherif

Nov 16 '05 #11
Sherif ElMetainy <el*************@wayout.net.NOSPAM> wrote:
XOR is breakable
No - XOR is *not* breakable if the sequence of values to XOR with is
entirely secret, genuinely random and never reused.
and below is a code to demonstrate, i am using ints, but
the same applies to strings

Random r = new Random();
int secret = r.Next(); // this is hidden
int clear = r.Next(); // i know this one
int encrypted = secret ^ clear; // i know this one too
int hacked = encrypted ^ clear; // now i know the secret
Console.WriteLine(hacked == secret);


That assumes the same secret is used twice. In a true one-time-pad
system (which is what is being hinted at) the same XOR value is never
used twice.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Nov 16 '05 #12
Hello

I was talking about reusing the key, which is the case in most scenarios In
this case it is breakable.

Best regards,
Sherif

"Jon Skeet [C# MVP]" <sk***@pobox.com> wrote in message
news:MP************************@msnews.microsoft.c om...
Sherif ElMetainy <el*************@wayout.net.NOSPAM> wrote:
XOR is breakable


No - XOR is *not* breakable if the sequence of values to XOR with is
entirely secret, genuinely random and never reused.
and below is a code to demonstrate, i am using ints, but
the same applies to strings

Random r = new Random();
int secret = r.Next(); // this is hidden
int clear = r.Next(); // i know this one
int encrypted = secret ^ clear; // i know this one too
int hacked = encrypted ^ clear; // now i know the secret
Console.WriteLine(hacked == secret);


That assumes the same secret is used twice. In a true one-time-pad
system (which is what is being hinted at) the same XOR value is never
used twice.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too

Nov 16 '05 #13
Hello

I was talking about reusing the key, which is the case in many scenarios. In
this case XOR is breakable.

Best regards,
Sherif

"Roy Fine" <rl****@twt.obfuscate.net> wrote in message
news:OO**************@TK2MSFTNGP10.phx.gbl...

"Sherif ElMetainy" <el*************@wayout.net.NOSPAM> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
Hello

Give me a clear text string, a string encrypted with your hidden key using the XOR method.
OK - done!
Then give me another string encrypted with the same key, it will take me
less than one minute to decrypt it, because I will know the key.


No way - you must be crazy. I said to keep the encrypting key hidden -

that means hiding the key and all derivative forms of it! You are making up
stuff now. XOR is unbreakable, but it is a one time use, and it must be the same size as the clear text string.

read the links i provided....

regards
roy fine

Consider the following scenario.
Suppose I have a web site, where the member's passwords are stored encrypted
using XOR in a database.
Some how a hacker was able to gain access to the database (due to a

security
hole, new vulnerability, unpatched server, bad administrator, etc), but he doesn't have access to the key to decrypt the passwords.
So he registers a new account for himself in my web site (he knows the
password for this account because he created it), then he looks at his own ecrypted password.
Now he can easily know the encryption key, and can decrypt all other
passwords.


That's a good example of PSS - Pretty Stupid Security.

Please read the links I provided -- this case is clearly examined and

dealt with there!

The OP asked for one thing and one thing only - how to encrypt and decrypt a string.

XOR works wonderfully if you can live with its restrictions - and that is
why there are many alternatives.

I never suggested using XOR as the only way, but until the OPs requirements get a bit better defined, XOR is as good as it gets.

regards
roy fine
Best regards
Sherif


Nov 16 '05 #14
Sherif ElMetainy <el*************@wayout.net.NOSPAM> wrote:
I was talking about reusing the key, which is the case in most scenarios In
this case it is breakable.


I dare say you were - but you were the one who introduced the idea of
reusing the key. It's like saying that some other encryption scheme
isn't secure because you might publish the private key. Every
encryption scheme has something you shouldn't do, otherwise it's no
longer secure. In the case of XOR operations like this, reusing the key
(or using a non-random source for the key) is one of those things.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Nov 16 '05 #15

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: wqhdebian | last post by:
As far as I know,when encrypt or decrypt ,a key must first be got,and the key is first generate by a tool or from SecurityRandom,that means I can not generate the same key with the same input.Does...
20
by: Drebin | last post by:
It's a long story really, but the bottom line is we need to encrypt or obfuscate a clear-text 9-digit SSN/taxpayer ID into something less than 21 characters. It doesn't need to be super-secure,...
7
by: Matthias S. | last post by:
Hi, I had a look at the vast information on encryption in the MSDN and got pretty confused. All I want to do is to encrypt a string into an encrypted string and later decrypt that (encrypted)...
8
by: Gidi | last post by:
Hi, Is there Buid-In fuction in C# that Encrypt and Decrypt strings? i have a textbox which i'm writing into file, and i want to encrypt it before writing, i'm not looking for something fancy,...
8
by: toupeira23 | last post by:
Hello, I'm trying to encrypt passwords in my app. After discovering that there's no simple function to do this, I wrote a wrapper class which decodes a string using UTF8, encrypts it with...
2
by: rino100 | last post by:
can anyone tell me why this c++ code works encrypting simple filenames but instead if you try to encrypt a filename like "video - 833 12_ ..avi" it doesn't rename the file?????? #include...
4
by: Islamegy® | last post by:
I give up.. I tried everything to encrypt querystring and decrypt it back but this never success.. i use RSA encryption. I always get excption when Convert fromBase64String so i tried...
2
by: fineman | last post by:
Hi all, I want to get a 64bit(8 bytes) Encrypt result use DES class in the VS2005. Though I encrypt data is 64bit(8 bytes), but DES return encrypt result that always is 128bit(16 bytes), I don't...
3
by: JDeats | last post by:
I have some .NET 1.1 code that utilizes this technique for encrypting and decrypting a file. http://support.microsoft.com/kb/307010 In .NET 2.0 this approach is not fully supported (a .NET 2.0...
0
by: lildiapaz | last post by:
Hi, everyone I'm developing a c# windows application that allows the user to encrypt any file type. i would like to encrypt the file using a powerful encrypting algorithm. I've tried to use the...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.