This is an entry for NANY 2019

ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

DonationCoder.com Software > N.A.N.Y. 2019

This is an entry for NANY 2019 - SCrypt

(1/3) > >>

KodeZwerg:
Hello all,
i like to introduce a small tool that i just finished and Contribute to Nany 2019.

Toolname: SCrypt.exe / Small File Cryptor
Target: Console Application
Compiler: Delphi 7 32bit
Whats the Point: It'll encrypt/decrypt a file
Project-Status: early Release, Basics should be final
Extras: Utilize MMX features, wasted time display for encoding/decoding
Limits: Untested max. Filesize, my guess is 2GB Limit, keys are fixed ATM (internal using a set of 4)

Source: not included, not avail by request.

Usage:
SCrypt.exe FileToTest.Ext

My App will never change Original File!
It will produce/overwrite two new Files:
1. FileName_ENC.ext = Original File in encrypted Format
2. FileName_DEC.exc = restored encrypted file

Tested with Windows 7 x64, Application might need Admin-Rights to create Files.
If you have wishes, suggestions or found a bug, drop a line, thanks!

!!!Attention Interested SCrypt Users:
This tiny tool does NOT provide much security!
Everyone who has this App can reverse any crypted file back since i do not provide Password crypting!!!!
For myself it was educational testing of MMX Chipset features to benchmark vs other Cipher/Crypter methods.
Anyway, decrypting a file by hand it is still not that easy like someone might think.

My Tool-Name has nothing to do with anything else called SCRYPT, its just short for "Small File Cryptor".

f0dder:
So... what's the point? :-)

You don't support a passphrase, which means there isn't really any security.

You don't mention which encryption algorithm is used, making it hard to reason about the security if you implement key generation from passphrases later on.

Encryption a 4k text file full of 'A's makes it clear that you're using a 32-byte block size with no block chaining, which means that even if you use a decent encryption algorithm, your encryption as a whole can be broken.

So... this sounds like something that's probably a fun project, and where you might want to share the code with other people and learn from the experience.

But not a good idea to present it as a utility for other people.

KodeZwerg:
Whoa, thanks for trying out and give feedback.
For me it was educational to learn how MMX works. It does exact what i've written what it does.
My intention was not to create a fullprice Protection Suite.
For myself i've included it in my Apps that transmit something via Internet.
Your point "it can be broken" i just can silly argue "what cant be broken?".

If interested i can publish a not that fast version with Random output, also for "1000 times "a" in a file" with same passphrase encrypted, each time unique encrypted results are given. That is a bummer to decrypt without my App and seems to be very safe due each time you encrypt something the result is different. If thats what you like/need/want, i could split up an existing Application where i've included such feature already.

Jibz:
f0dder's comments may be a bit direct, but try to take them as constructive criticism.

Writing your own encryption is a great project, but when you make it available for other people to use, it becomes important to be clear about the level of security. This is because a false sense of security is worse than no security. Imagine a person who downloads your program, encrypts all his banking information using it and sends them over email.

Cryptography is hard, and even seasoned programmers sometimes fall for Schneier's Law. That is why it takes years of public scrutiny and analysis for any algorithm to be widely accepted.

And even if you use algorithms generally accepted to be secure, there are details surrounding their use and combination that can compromise the security (like using an insecure source of randomness, storing plain password hashes, or using a block cipher in ECB mode).

Please note again that I am not saying you shouldn't continue working on your project -- I think it is great you wrote this and chose to make it available for NANY! Just make sure potential users are aware of it if you came up with your own encryption algorithm, and know whether the goal is to keep their family members or professional cryptographers from being able to read the file.

On a side note, there is a key derivation algorithm called scrypt.

KodeZwerg:
Thank you Jibz, i've updated Post #1 to ensure everyone knows such information before anything bad happen.

Ps: It is custom algorithm.

Navigation

[0] Message Index

[#] Next page

Go to full version