c - DES encryption in linux -


i'm trying use glibc cbc_crypt function encrypt strings in c program should portable function why i'm using library

here's code:

#define _gnu_source #include <stdio.h> #include <crypt.h> #include <string.h> #include <rpc/des_crypt.h>  int main(int argc, char *argv[]) {     int blah=0;     char plaintext[]="mypass1234test";     char key[]="abcdefg1";     char encbuff[] = "87654321";     char decbuff[] = "87645321";     des_setparity(key);     int size=sizeof(plaintext);     printf("plaintext %s\n",plaintext);     printf("original size %d\n",size);     while (size % 8 && size < 420)         plaintext[size++]='\0';     printf("new size %d\n",size);     if (argc>1) {         if (strcmp("encrypt",argv[1])==0) {             blah=cbc_crypt(key,plaintext,size,des_encrypt | des_sw,encbuff);             printf("ciphertext %s\n",plaintext);             size = sizeof(plaintext);             printf("original size %d\n",size);             while (size % 8 && size < 420)                 plaintext[size++]='\0';             printf("new size %d\n",size);             blah=cbc_crypt(key,plaintext,size,des_decrypt | des_sw,decbuff);             printf("plaintext %s\n",plaintext);         }     }     return 0; }

when try run program following:

./a.out encryption plaintext mypass1234test original size 15 new size 16 ciphertext 0ю�sbkx,�7&���8@  @ original size 15 new size 16 plaintext myp`rs12��~�ϖ@ @

my goal encrypt files , decrypt files, i'm open use other cryptographic functions need program portable( rather not use openssl have machines running without library)

i haven't reviewed code, here few things wrong.

  • the length of plaintext , ciphertext must multiple of 8 bytes. cbc_crypt function doesn't padding you. you're passing 15-byte buffer; depending on how cbc_crypt works , on platform , on how compiler feeling today, may result in variable being overwritten @ point.
  • the loop add null bytes @ end of plaintext overflows buffer. plaintext has room 15 bytes, you're writing 16. depending on platform , on how compiler feeling today, may result in variable being overwritten @ point.
  • the loop add null bytes @ end of ciphertext results in garbage when decrypt it. that's normal: “regular” ciphertext gives garbage upon decryption. (that's in addition problem loop writing outside bounds of array.)
  • the iv cbc should uniformly random, not constant. won't result in invalid decryption bad security.

in case, mere fact you're using des bad security. des long obsolete. use aes instead.

there's no standard cryptographic library, there libraries liberal license , small footprint. pick 1 , link code statically code.

one possibility use libtomcrypt. there code samples in manual. if want encryption, use aes in cbc or ctr mode random iv/counter. if want authentication (i.e. detect if modified ciphertext), use aes in gcm or ccm mode (again, random iv).


Comments

Post a Comment

Popular posts from this blog

javascript - Using jquery append to add option values into a select element not working -

i'm looking dynamically populate select element names of items stored array. for reason it's not working , i'm not sure why. html: <div class="col-md-4 col-md-offset-4"> <select class="select1"> </select> , <select class="select2"> </select> </div> note i'm using bootstrap layout. here's jquery i'm using try , populate ".select1" jquery: select: function() { $.each(state.greens, function(index, value) { $(".select1").append("<option value =' " + index + " '>" + state.greens[index].name + "</option>"); }); } note function 'select' stored within object called 'display'. state.greens name of array i'm trying access. so @ end of html page call display.select(); call function. no error messages showing in console. also, saw question: appending
Read more

Android soft keyboard reverts to default keyboard on orientation change -

i'm building android soft keyboard , can't seem fix bug - have arabic , qwerty keyboard , when rotate device on qwerty keyboard (or arabic shift), it's if program has "restarted" , becomes arabic keyboard without shift. the onsaveinstancestate(bundle savedinstancestate) not work because application not extend activity inputmethodservice . i put following in android manifest android:configchanges="keyboard|keyboardhidden|orientation" android:windowsoftinputmode="stateunchanged|adjustresize"> i tried using @override public void onconfigurationchanged(configuration newconfig) { super.onconfigurationchanged(newconfig); log.i(mydebug, "config changed " + currentkeyboard.equals(qwerty)); } however, currentkeyboard.equals(qwerty)) results false , made sure true before orientation change. any appreciated. i think applications fault. if application restarting on orientation change
Read more

jquery - javascript onscroll fade same class but with different div -

i new @ javascript , want learn new. there wrong code : why div fades @ same time. i want ask how fade different div s same class name.can me , explain me. thanks in advance. javascript: $(window).scroll(function(){ if ($( "div.fade" ).offset().top - $(window).scrolltop() <= 100){ $('.fade').addclass( "fade-in"); } else { $('.fade').removeclass("fade-in"); } }); here jsfiddle onscroll = function () { var scrolltop = $(this).scrolltop() ; $("div.fade").each(function(){ if(($(this).offset().top - scrolltop) <= 100){ $(this).toggleclass("fade-in"); } }) }
Read more