Sign in to follow this  

Data Encryption

This topic is 2320 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hi there :)

I have a question:

If I have, for example, 2 .obj files and a obj viewer.

I want to send the viewer that I wrote to my friend Joe, but I don't want him to see/ use those 2 .obj files. :cool:

How can I write a program to encrypt them and put them in another "file"/ format in order to prevent any data access from him ?

Then, how to access those data from my viewer?

Thank you very much in advance

With best wishes,
IceSeven

Post Scriptum: I apologise if you'll find some english mistakes, I'm a french native speaker.:ph34r:

Share this post


Link to post
Share on other sites
Why don't you switch the bytes around.

[code]CVertex* vertices;
int numVertices;
CVertex* encryptedVertices;

encryptedVertices = (CVertex*)malloc(sizeof(CVertex)*numVertices);

unsigned char* verticesBytes = (unsigned char*)vertices;
unsigned char* encryptedVertexBytes = (unsigned char*)encryptedVertices;

for(int i=0; i<sizeof(CVertex)*numVertices; i++)
{
encryptedVertexBytes[sizeof(CVertex)*numVertices-i-1] = verticesBytes[i];
}

for(int i=0; i<sizeof(CVertex)*numVertices; i++)
{
verticesBytes[i] = encryptedVertexBytes[i];
}

free(encryptedVertices);
[/code]

Share this post


Link to post
Share on other sites
If Joe is technical and dedicated, he can overcome your encryption. At some stage the unencrypted data will be in memory, and it can be taken from there. If Joe is a casual user (or a lazy technical user!), you can keep him at bay

One of the simplest options is to bundle all your data into a zip file, then rename the zip file to something else. You can use a library like phyfs to treat the zip as a filesystem. This would defeat all non-technical people, and a curious but undedicated technical attacker might give up here.

Another option would be to XOR the data with a randomly generated "key", potentially combined with the above. At this point an attacker will need to devote time and effort to get around this. Once someone sophisticated enough does start devoting time and effort, it is only a matter of time before they break any additional protections you might add.

Share this post


Link to post
Share on other sites
[quote name='IceSeven' timestamp='1313041922' post='4847511']
If I have, for example, 2 .obj files and a obj viewer.

I want to send the viewer that I wrote to my friend Joe, but I don't want him to see/ use those 2 .obj files. :cool:

How can I write a program to encrypt them and put them in another "file"/ format in order to prevent any data access from him ?

Then, how to access those data from my viewer?
[/quote]

You cannot.

If he attacks the data itself, he [i]can[/i] eventually break it. Attacking the encrypted data is like attacking an armored vehicle; a direct assault will eventually win if keep up for long enough.

If he attacks through side channels, he [i]can[/i] eventually break it. This is an easier attack. It might require stopping in a debugger to peek at memory. It might require reverse engineering the program. Even if the hardware has encrypted memory a determined attacker could emulate the hardware and use that to gain access. The attack might require building a software emulator for the hardware and watching the data as it passes through. The point is that EVENTUALLY a determined attacker can break any system if you have a way to access the data yourself. Side channel attacks will eventually win if kept up long enough.




The best you can do is determine the skill of the attacker, determine the value of the data, determine how long that data will be valuable, determine how much effort you need to protect that data, and invest that much into it.

For example, most governments will only attempt to protect data for a limited number of years. They use security systems that are estimated to take longer than that to break, even considering the rate of hardware changes. One example, about a decade back governments switched to the AES encryption standard. It was well studied, had no known major attacks, etc. Yet they knew smart people would eventually find attacks. Initially it was 2^120 time, which is longer than the expected life of the Universe. Creative attacks and research have brought that down to 2^70 time, and if they have access to certain other data as low as 2^39 time (roughly a half trillion attempts) which is feasible within a few years for a well-funded attacker. Of course, that attack is longer than just breaking in to the secure government facilities through spy networks, which is the normal attack route.

The same is true for your files. You can try encrypting the data and take other steps to protect it, but if he really wants access he can get it. You don't have tons of money to invest in security. So take the simple route, use an off-the-shelf library, and call it good enough.

Share this post


Link to post
Share on other sites
That's true... I heard how there have been several recorded *collisions* (a value that generates the same hash) of the MD5 hashing algorithm and that a collision for the SHA-1 algorithm is estimated soon. Though that has nothing to do with this, I thought that was interesting.

Talks a bit about binary operations for a secure hashing algorithm:

[url="http://www.youtube.com/watch?v=7JNZ8VDsCNg"]http://www.youtube.c...h?v=7JNZ8VDsCNg[/url]

EDIT: Just realized it's from 2009.

Share this post


Link to post
Share on other sites
Wow :blink:

Thank you very much to polyfrag, rip-off and frob for your long answers, I wasn't expecting much :)

Sure, data encryption can't protect data forever, that's what we can see for many games too, which have undocumented file format and a strong data encryption but which could be still extracted :lol:

I was more thinking about a little protection to add, even if it's easy to break.

So I think I'll just use a simple library for this.


Thanks again everyone and have a nice day :D

Bye

Share this post


Link to post
Share on other sites

This topic is 2320 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this