Save and load crypted XML

"nano2k" <ad***********@ikonsoft.rowrote in message
news:11**********************@d55g2000hsg.googlegr oups.com...

Hi

I need to save / load XML data in crypted format.
I'm using .net 1.1.

Thanks.

What you really need is a specification.

Decide how you are going to encrypt, and equalising both sides of the
equation on transposition; how you are going to decrypt. These steps
pre-empt input and output, and no, generic methods are not secure because
they are anticipated - so anyone with enough computing power can hack the
cryptotext via the method until they get something that makes linguistic
sense (as opposed to progressively cracking the cryptotext directly until a
crib displaying linguistic distribution and structure shows up).

I'll let someone else deal with the XML functionality of .NET and we're not
done with encryption yet.

You have to assume that by encrypting your data, you are not so much as
keeping anyone out but buying time until that data is compromised. So you
need to build masking into your algorithm. Masking is where, depending on
which of a dozen or more keys, the derived plaintext can say one of a dozen
or more different things - all linguistically correct with respect to the
field or context of the material you are encrypting. This way, your
cryptotext can be hacked to no legal avail (which does nothing to stop any
oil-drum holidays if your data is officially sensitive). Masking is also a
great way to put off amateur hackers, although I doubt there are many of
these who are capable of even cracking a simple Caesar Cipher. The issue
here is that if your method becomes known, then some script kiddie with a
password testing program is probably going to stop at the first decoy,
thinking s/he's cracked your code.

How you choose to encrypt and/or mask is your private business. Just
remember to balance both sides of the equation when you do the necessary
transposition. This can involve a lot of mathematics, hard work, and if you
weren't listening in Form 2 (Year 8 of school) it may prove frustrating as
well.

Cryptography requires bug-free algorithms, which is why when done by hand,
the origin resets regularly. As with all software development, a good
testbed is the key to bug-free software and often as not, a good testbed and
a little experimentation can help you find out how to make something you
don't quite understand work anyway.

Good luck...

--
Timothy Casey GPEMC! >11950 is the nu****@fieldcraft.com.au 2email
Terms & conditions apply. See www.fieldcraft.biz/GPEMC
www.fieldcraft.biz & www.speed-reading-comprehension.com
www.geologist-1011.com & www.web-design-1011.com

On 17 Sep, 00:40, "Number 11950 - GPEMC! Replace number with 11950"
<num...@fieldcraft.bizwrote:

"nano2k" <adrian.rot...@ikonsoft.rowrote in message

news:11**********************@d55g2000hsg.googlegr oups.com...

Hi

I need to save / load XML data in crypted format.
I'm using .net 1.1.

Thanks.

What you really need is a specification.

Decide how you are going to encrypt, and equalising both sides of the
equation on transposition; how you are going to decrypt. These steps
pre-empt input and output, and no, generic methods are not secure because
they are anticipated - so anyone with enough computing power can hack the
cryptotext via the method until they get something that makes linguistic
sense (as opposed to progressively cracking the cryptotext directly until a
crib displaying linguistic distribution and structure shows up).

I'll let someone else deal with the XML functionality of .NET and we're not
done with encryption yet.

You have to assume that by encrypting your data, you are not so much as
keeping anyone out but buying time until that data is compromised. So you
need to build masking into your algorithm. Masking is where, depending on
which of a dozen or more keys, the derived plaintext can say one of a dozen
or more different things - all linguistically correct with respect to the
field or context of the material you are encrypting. This way, your
cryptotext can be hacked to no legal avail (which does nothing to stop any
oil-drum holidays if your data is officially sensitive). Masking is also a
great way to put off amateur hackers, although I doubt there are many of
these who are capable of even cracking a simple Caesar Cipher. The issue
here is that if your method becomes known, then some script kiddie with a
password testing program is probably going to stop at the first decoy,
thinking s/he's cracked your code.

How you choose to encrypt and/or mask is your private business. Just
remember to balance both sides of the equation when you do the necessary
transposition. This can involve a lot of mathematics, hard work, and if you
weren't listening in Form 2 (Year 8 of school) it may prove frustrating as
well.

Cryptography requires bug-free algorithms, which is why when done by hand,
the origin resets regularly. As with all software development, a good
testbed is the key to bug-free software and often as not, a good testbed and
a little experimentation can help you find out how to make something you
don't quite understand work anyway.

Good luck...

--
Timothy Casey GPEMC! >11950 is the num...@fieldcraft.com.au 2email
Terms & conditions apply. Seewww.fieldcraft.biz/GPEMCwww.fieldcraft.biz&http://www.speed-reading-comprehensi...esign-1011.com

Hi, thanks for your response.
I'm not trying to encrypt money transaction information, I'm trying to
cache something on client side of a client/server app. It's some
general data, but I decided to keep it out from the eyes of a simple
pc user, not from the eyes of a hacker. I'm not really trying to
secure data, but all I want is to prevent the user from changing
(accidentally or not) cached data. If data is changed, new data
should be retrieved from the server..
The data is kept in memory in XML format. When the user closes the
client application, I want to save the data, so it'll be used next
time the app is started. I also need to make sure that the data was
not changed betweens work sessions, so I thought that encrypting the
file should do the trick without the need to store "somewhere"
additional data, like CRC of file, etc.
If something is changed, the file decoding would fail, so I should
require new data from server.

"nano2k" <ad***********@ikonsoft.rowrote in message
news:11**********************@r29g2000hsg.googlegr oups.com...
[SNIP]

>
Hi, thanks for your response.
I'm not trying to encrypt money transaction information, I'm trying to
cache something on client side of a client/server app. It's some
general data, but I decided to keep it out from the eyes of a simple
pc user, not from the eyes of a hacker. I'm not really trying to
secure data, but all I want is to prevent the user from changing
(accidentally or not) cached data. If data is changed, new data
should be retrieved from the server..
The data is kept in memory in XML format. When the user closes the
client application, I want to save the data, so it'll be used next
time the app is started. I also need to make sure that the data was
not changed betweens work sessions, so I thought that encrypting the
file should do the trick without the need to store "somewhere"
additional data, like CRC of file, etc.
If something is changed, the file decoding would fail, so I should
require new data from server.

Just a simple polar spin should do the trick, although non-hackers are put
off by binary so when you write your XML string, just read & write to file
as binary...

Good luck...

--
Timothy Casey GPEMC! >11950 is the nu****@fieldcraft.com.au 2email
Terms & conditions apply. See www.fieldcraft.biz/GPEMC
www.fieldcraft.biz & www.speed-reading-comprehension.com
www.geologist-1011.com & www.web-design-1011.com