Encryption questions - Level Extreme

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

Encryption questions

Message

21/12/2007 01:25:09

Christof Wollenhaupt
Foxpert
Norderstedt, Allemagne

19/12/2007 18:21:35

Jim Newsom
Icg, Inc.
Dallas, Texas, États-Unis

Information générale

Forum:

Visual FoxPro

Catégorie:

Produits tierce partie

Titre:

Re: Encryption questions

Versions des environnements

Visual FoxPro:

VFP 9 SP1

OS:

Windows XP SP2

Network:

Windows 2000 Server

Database:

Visual FoxPro

Divers

Thread ID:

01276712

Message ID:

01276945

Vues:

This message has been marked as a message which has helped to the initial question of the thread.

Hi JIm,

>1. Field length. Is the encrypted text produced going to be the same length as the plaintext? If not, can I know it will fit within the field size for the original field?

I can't comment on Craig's FLL. However, with the Crypto API there are block and stream ciphers. Stream ciphers return strings of the same length as the original field. However, they are completely insecure when you use the same password for every record.

>2. If I store only the encrypted value, how might I maintain a usable index? By making the expression Decrypt(field_name,mykey)?

The only option you have is to index the field without decrypting it and searching only for exact matches. You do this by padding the search expression, if you encrypt a field with blanks at the end. Encrypt the search expression and search for a match. This will only work if you use the same password on all records, which is only an option with block ciphers or secure stream ciphers.

You should never create an index on the decrypted version because that will allow anyone to recreate the content of the encrypted field without knowing the password.

>3. It seems I'm now faced with what to do with the key, so as not to make this whole exercise moot? If I did the above, I'd be embedding the key in the table and that would be unwise.

Hiding the key is a problem. There is always a possibility to obtain the key, but it can be difficult to do so. If it's a programmatic key, I'd recommend to create a function that returns a sufficiently long key of characters that are not on the keyboard. This function shouldn't use a variable to store the password. When you pass the password, call the password function. Do not store the result in a variable. Here's an example of what such a function might look like (and don't call it anything like GetPassword):

*========================================================================================
* Returns a password
*========================================================================================
Return ;
  Iif(Asc(Vartype(__Screen))=85,Chr(P1()),Bitand(P2(),P3()))+;
  Chr(p4(3)%P6()) + P7() + P8() + p9() + p11() +Chr(p13()) + ;
  Iif(p14()="³",Upper(p14()),Lower(P14()))
	
Procedure P1
Return Round(RTOD(ACOS(0.2439)),0)

Procedure P2
Return 0xCf

Procedure P3
Return Left(Right(Sys(16,1),8),1)

Procedure p4(t)
Return Iif(t>0,P4(t-1)*p4(t-2),Val(Substr(Sys(9),8,1)))

Procedure p5
Return 2*128

Procedure p6
Return (2^9)-(P5())

Procedure p7
Return Substr(Sys(9),8,1)

Procedure P8
Return Substr(Sys(9),11,1)

Procedure P9
Return Substr(BinToC(Val(P8())*Asc(p7())),4,1)

Procedure p10
Return At("M",Sys(2013))

Procedure p11()
Return Left(Right(Sys(16,1),P10()+6),1)

Procedure p13
Return floor( 100*cos(sin(143)))+67

Procedure P14
Return GetWordNum(Sys(0),2)+p15()

Procedure p15
Return Left(Transform(Diskspace(),"@0"),_screen.ScaleMode*P16())

Procedure p16
Return Sin(p17())-1

Procedure p17
Return PI()/2

--
Christof

Répondre

Fil

Voir

Click here to load this message in the networking platform