Jump to content
  • Advertisement
Sign in to follow this  
Sigiloso

Encryptor Advice Please

This topic is 3789 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hi I am relatively new to Cpp(been working with the language for about a year). I read up on XOR encryption, found it interesting, and decided to write a simple encryption program using the method. My first draft works rather well and runs at a decent speed(IMO). What I am looking for now is some constructive criticism and suggestions for adding features(it is a bit TOO simple). Source Code: Main.cpp:
// our included files
#include <iostream> // for input output operations
#include <fstream> // for file operations
#include <string> // contains the string interface
#include <windows.h> // for timing purposes only

using namespace std; // we use the standard namespace

#define BufferSize 16000000 // Buffer Size set 16mb chage it and recompile if you like :)

char* Buffer = NULL; // this one is important it is our buffer we use it to store temporary data for encryption	

//this function encrypts the data by the XOR method (google it for more info)
void XOR(char* Data,long DataSize)
{
	for(long I = 0; I < DataSize;++I)
	{
		Data = Data^'I';
	}
}
// this is the main BODY of the program (hint... hint...) this function is looped through
// till the user specify's he wants to exit
int Body()
{

	fstream File; // the file interface 
	fstream File2; // a secondary interface 
	string FilePath; // our file path

	long FileSize = 0;long FileStart = 0;long FileEnd = 0; 
	float TimeStart = 0; float TimeEnd = 0; 
	long Location = 0;long temp = 0; // stores our location on the file 
	
	cout<<"Enter File Path:(No Spaces Allowed) \n->";
	cin>>FilePath; 

	File.open(FilePath.c_str(),ios::in|ios::out|ios::binary); 

	//calculate the length of the file
	File.seekg(0,ios::beg); FileStart = File.tellg();
	File.seekg(0,ios::end); FileEnd = File.tellg();
	FileSize = FileEnd - FileStart;
	File.seekg(0,ios::beg);

	if(FileSize < 1) // check to see if the file is acctually open
	{
		cout<<"\nError opening file";
		File.close();
		return 1;
	}

	cout<<"\nOperation Started\n"<<"FileSize: "<<FileSize/1000<<" KB";
	TimeStart = float(GetTickCount()); //start the timer for our operation ;)


	cout<<"\n\nWorking...";

	// if the file is smaller then the buffer size we
	//encrypt the whole thing in one shot

	if(FileSize <= BufferSize) 
	{
		File.seekg(0,ios::beg);
		File.read(Buffer,FileSize);
		XOR(Buffer,FileSize); // function that encrypts the data
		File.seekg(0,ios::beg);
		File.write(Buffer,FileSize);
		File.close();

	}
         /*if the file is bigger then the buffer we encrypt it one piece at a time by filling the buffer encrypting it and flushing it back to the HardDrive*/
	else  
	{
		File2.open(FilePath.c_str(),ios::in|ios::out|ios::binary);
		File.seekg(0,ios::beg);
		File2.seekg(0,ios::beg);
		Location = File.tellg(); // set the current location to the beginning

		while(1<2)//loop through the file until its completely encrypted
		{
			if((FileSize - Location) < BufferSize)//finish and exit
			{
				File.read(Buffer,(FileSize - Location));
				XOR(Buffer,(FileSize - Location));
				File2.write(Buffer,(FileSize - Location));
				File.close();
				File2.close();
				break; // exit the loop now that we are finished
			}
			File.read(Buffer,BufferSize);//read data
			XOR(Buffer,BufferSize); // encrypt data
			File2.write(Buffer,BufferSize);// write encrypted data back
			Location = File.tellg();//update location
		}
				
	}

	TimeEnd = float(GetTickCount()); // done the operation so stop the timer

	// display the time the operation took
	cout<<"\n\nOperation Finnished in: "<<float((TimeEnd - TimeStart) / 1000)<<" Seconds"; 

	return 0;// everything went fine so return 0
}
int main() // our main function(program starts here) 
{
	/*
	this function does nothing more then loop through the 'Body()' function
	and ask the user if he wants to exit after every iteration.
	*/
	bool Exit = false; // a varaible for exiting
	char temp;// for input of y or n at exit screen

	Buffer = new char[BufferSize];// create our buffer
	cout<<"Enigma Encryptor v1.1 \n\n";

	while(Exit == false) // while the user doesn't want out
	{
		Body();// execute the main part of the program

		// ask the user if he wants to exit
		cout<<"\nExit? y/n\n";
		cin>>temp;
		if(temp == 'y'){Exit = true;}
	}

	delete[] Buffer;// delete the buffer do this unless you want on massive memory leak :P
	return 0;// exit with 0
}

I did my best to document the code as much as possible. This is the only source file for the program. Visual Cpp 2008 Express Edition was used to compile it. On my system(p4 3.0ghz., 512mb ram, win XP sp2) it can encrypt a 700mb file in ~30 seconds when compiled in release mode(all compiler optimizations turned on and debugging symbols stripped). Note: To decrypt a file, run it through the program again.

Share this post


Link to post
Share on other sites
Advertisement
I'm sure you know this, but just in case, XOR encryption is dangerously easy to crack.

You could do the following things:

1. Allow specifying the filename on the command line, instead of asking it like that. In fact, your program looks more like a command line tool anyway, so don't make it interactive. You can add some command line option handling.

2. Allow the use of other keys than 'I' and maybe longer keys, so that the characters in the key are applied successively to the characters in the input.

3. Use std::vector<char> or std::string instead of char array.

4. Write your file input routines so that you don't need to know the file size. This allows you to read from sources that don't allow seeking to the end.

Share this post


Link to post
Share on other sites
Writing crypto algorithms is fun, tempting, and fascinating to play with, but please be aware that it's nothing but that. If you have anything to hide, please do yourself a favour and use a proven, established algorithm (AES, Twofish, Blowfish, XXTEA, anything...). Otherwise, you will suffer great pain.
Designing your own crypto algorithm is something only a handful of people on this planet are successful with.

Xor encryption is generally not considered a "serious" encryption at all, because it is very easy (trivial) to break. Never use Xor for something that shouldn't be read by anyone.

The only ways in which Xor encryption can be used are one time pad encryption (perfect security, but impractical, because your key must be as long as the message) or by combining it with a secure random number generator, or a block cipher in OFB mode, or something similar.

If you like playing with cryptography, read up on "Feistel network". It's the base of many/most modern ciphers. Coding a Feistel cipher is quite easy too, and a lot of fun to play with :)

Share this post


Link to post
Share on other sites
What if you compress it first and then XOR it with a 256 character long key? Would that have atleast some security?

I mainly try to keep ppl away that have no knowledge and just try to get the files. That is basically 99% of the ppl that look for your files. For that other 1%, or even less you'd use/buy a better encryption.

If they want, they can crack it. Simple as that. But what you should be aiming for, is making it as hard as possible.

Share this post


Link to post
Share on other sites
xor encryption is horrendously easy to break. for one, you can break it a piece at a time, because if your program trying to break it is doing statistical tests it might find a pattern its looking for and just not change that part of the key, and narrow down the size of the search even further.

i broke one as part of a projecteuler.net problem.

Share this post


Link to post
Share on other sites
Quote:
Original post by ibebrett
xor encryption is horrendously easy to break.


Bad XOR encryption is. If you can guarantee that your key is used once and only once, is completely random, is at least the same length as the plaintext, and (more importantly) is completely secure then it's basically unbreakable (you have a one time pad; of course, as soon as you start reusing the key, it's trivially broken – the Soviets fell down here, AFAIK).

But for more practical purposes, you are better off using something else.

Share this post


Link to post
Share on other sites
Quote:
Original post by Decrius
What if you compress it first and then XOR it with a 256 character long key? Would that have atleast some security?

Why not just use some better encryption algorithm? If you compress it with some well-known compression scheme, you'll only make it easier to crack, since it becomes easy to guess what the first bytes should be, giving away parts of the key.

Share this post


Link to post
Share on other sites
assumming that your data your encrypting is pretty random, then yes it is practically unbreakable,

but if your data is easy to spot, you can break the key a piece at a time

Share this post


Link to post
Share on other sites
Quote:
Original post by Decrius
What if you compress it first and then XOR it with a 256 character long key? Would that have atleast some security?
Compressing data before encrypting is a well-known method to increase the strength of the encryption (since there's less entropy) - regardless of the encryption algorithm.
However, for Xor encryption it means that you need 1-2 minutes instead of 10 seconds to crack it.

As always the question is "what do you want?". If keeping your 9 year old sister (or your mother) from reading your love letters is your goal, then Xor will work just fine. If preventing a noob user from reading your level files is your goal, it'll probably still work. But for everything else, it will fail, and you'll not only have the damages, but people will probably laugh at you, too.
Imagine it turns out that you used Xor encryption (or something similarly cheap) for the communication between your game clients and the server, and someone eavesdropped 5000 passwords over night only because you didn't use a proper algorithm. That would be so embarrassing, and it would be on every blog worldwide, for sure.

A "good" encryption doesn't perform much slower than a bad one (for example, AES runs at 85 MB/s on my system), but is a lot harder (near impossible for most people) to crack.

It is still hard enough to create something secure when using a good crypto algorithm, and still easy enough to create something entirely unsafe even then (unwillingly).

Share this post


Link to post
Share on other sites
Quote:
Original post by Decrius
What if you compress it first and then XOR it with a 256 character long key? Would that have atleast some security?


It's still symetric encryption.

In geneeral, such assumptions lead to some dangerous mistakes. For example, wouldn't it be much safer, if you encrypt it twice with XOR?

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!