Re: How to encrypt a string?

Subject:	Re: How to encrypt a string?
From:	Konrad Rosenbaum
Date:	Thu, 1 Nov 2007 20:20:27 +0200

On Thursday 01 November 2007, Peter Hackett wrote:
> It seems like this conversation isn't taking into account the
> http://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm
> suggestion. The code is *really* small (and seems to be reasonably easy
> to understand.) So small that I'll include it here:

Yes, according to Wikipedia the algorithm seems to be sufficient for the 
purpose. I would not recommend to use it under any other circumstances. A 
strength of 32 bit is clearly not enough for any serious encryption.

A few warnings about the code you provided: 

1) you should use quint32 instead of unsigned long, otherwise it will not 
work on 64bit systems (eg. some Windows versions on x86_64 hardware(*)).

(*)Never say never! The next system is just one compile away and when it is 
time for it, it needs to be done within a day - the customer wanted it last 
week and is already calling every hour or so.

Better add this to your code to be warned:
#if sizeof(quint32) != 4
#error No pure 32bit integer available!
#endif

2) It requires some skill in coding, since it works in blocks of 64bit with 
32bit words. Simple pointer conversion will not work and length should be 
checked! Hint: QByteArray works with unsigned chars which become very nasty 
if they contain non-ASCII characters (>=0x80) and are converted to bigger 
ints...

3) It is a block cipher. Hence it needs an end-marker. If NUL-bytes (0x00) 
are not allowed in passwords this would be the easiest marker, otherwise 
cryptographic protocols usually append 0x80 to the clear data and fill the 
remainder of the block with 0x00 bytes - this way you can look from the 
back, throw away all 0x00 bytes until 0x80 is reached, throw away 0x80 as 
well and use the remainder.

4) You should follow the Wikipedia link to the test vectors and use them on 
your implementation on all your target platforms in order to make sure you 
did not make any mistakes.

All this does not need extraordinary knowledge in cryptography, but at least 
a bit of experience which I would not like to gain on a work project that 
needs to be done yesterday... ;-)

        Konrad

<Prev in Thread]	Current Thread	[Next in Thread>
Re: How to encrypt a string?, (continued) Re: How to encrypt a string?, Chris Thompson Re: How to encrypt a string?, Mike Broida Re: How to encrypt a string?, Chris Thompson Re: How to encrypt a string?, Peter Hackett Re: How to encrypt a string?, Mike Broida Re: How to encrypt a string?, Adam M Re: How to encrypt a string?, Konrad Rosenbaum Re: How to encrypt a string?, Mike Broida Re: How to encrypt a string?, Peter Hackett Re: How to encrypt a string?, Mike Broida Re: How to encrypt a string?, Konrad Rosenbaum <= Re: How to encrypt a string?, Konrad Rosenbaum Re: How to encrypt a string?, Mike Broida Re: How to encrypt a string?, Adam M Re: How to encrypt a string?, Konrad Rosenbaum Re: How to encrypt a string?, Dave Smith Re: How to encrypt a string?, Mike Broida Re: How to encrypt a string?, Brad Pepers Re: How to encrypt a string?, Mike Broida Re: How to encrypt a string?, Sergei Stolyarov

Previous by Date:	Re: How to encrypt a string?, Mike Broida
Next by Date:	Re: QVariant, Slots and Signals, Sergei Stolyarov
Previous by Thread:	Re: How to encrypt a string?, Mike Broida
Next by Thread:	Re: How to encrypt a string?, Konrad Rosenbaum
Indexes:	[Date] [Thread] [Top] [All Lists]