Home » Developing U++ » UppHub » Encrypted storage with streaming (OpenSSL, AES)
Re: Encrypted storage with streaming (OpenSSL, AES) [message #25403 is a reply to message #25402] |
Mon, 22 February 2010 08:50 |
|
koldo
Messages: 3361 Registered: August 2008
|
Senior Veteran |
|
|
Mindtraveller wrote on Mon, 22 February 2010 08:31 |
koldo wrote on Mon, 22 February 2010 09:54 | 1) Does it mean that AES cannot be used for saving user files with user defined password ?
However there are programs that include this possibility with AES. For example 7zip offers AES-256 encryption http://www.7-zip.org/7z.html.
2) Is there a standard way to convert a 8 chars user defined password into an useful 256 AES bits key ?
|
1) Cryptography is no miracle, it's just math. If you use weak password, you get weak protection, and no algorithm saves you from it. This means if you want stable and strong protection, you must use stable and strong key. The one of few options here is to use key generated by OpenSSL itself.
You have to consider user password as worst type of key. Also, many passwords are too plain and dumb: 123, 111, 123456, etc. This is bad for cryptography.
Russian programmer Igor Pavlov who wrote 7zip, has chosen to use compromise solution. He takes user password, calculates SHA-256 function for it (AFAIK U++ has its realization too). Then he adds some calculations/changes to that 256-bit value and the final value is used as a key for AES encryption.
This represents fair protection, which is very much stronger than using user password as key, but at some rate weaker protection than with OpenSSL-generated key. In a number of uses it is rather good and satisfactory protection. Also it allows using protection without storing user password itself which is very good practice. But frankly speaking I haven't heard of SHA output as extremely cryptographically strong combination of bytes. This algorithm has another application field (generating unique digest "far" from original bytes).
2) AFAIK there is no "standard" way to convert user password to key. The best way is to use OpenSSL generated key. You may of course use any function like SHA-256 but you must be aware of the crytpographic strongness/weakness you give to user.
|
Excellent explanation
I will follow your advice. Anyway, could you add a function to convert an username password into a "fair" protection ?. Thanks
I have checked your demo and now it works well. In a big program where I have applied it, it works well too .
You have done more changes than just a fix . You have removed dependencies to packages Web and Web/SSL.
This afternoon I will upload it to Bazaar. In some hours I will propose a possible application of your useful functions.
Great job !
Best regards
IƱaki
|
|
|
|
|
Encrypted storage with streaming (OpenSSL, AES)
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Thu, 17 September 2009 09:34
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: Weras on Thu, 17 September 2009 19:57
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Thu, 17 September 2009 22:55
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: tojocky on Fri, 18 September 2009 12:28
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Fri, 18 September 2009 13:23
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Fri, 18 September 2009 23:01
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: kasome on Wed, 23 September 2009 03:29
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Sat, 20 February 2010 17:08
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Sun, 21 February 2010 08:07
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Sun, 21 February 2010 10:38
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Sun, 21 February 2010 15:40
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Sun, 21 February 2010 16:01
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Sun, 21 February 2010 19:25
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Mon, 22 February 2010 07:54
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Mon, 22 February 2010 08:50
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Mon, 22 February 2010 11:55
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Mon, 22 February 2010 12:46
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: tojocky on Mon, 22 February 2010 15:19
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Mon, 22 February 2010 16:46
|
|
|
Building with MSC9
By: kohait00 on Wed, 03 March 2010 23:17
|
|
|
Re: Building with MSC9
By: koldo on Sat, 06 March 2010 01:49
|
|
|
Re: Building with MSC9
By: kohait00 on Sun, 07 March 2010 11:24
|
|
|
Re: Building with MSC9
By: koldo on Sun, 07 March 2010 13:47
|
|
|
Re: Building with MSC9
By: kohait00 on Sun, 07 March 2010 16:08
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Wed, 10 March 2010 17:09
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: kohait00 on Wed, 10 March 2010 20:54
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Wed, 10 March 2010 21:33
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: kohait00 on Wed, 10 March 2010 22:36
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Thu, 11 March 2010 09:12
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: kohait00 on Thu, 11 March 2010 10:29
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Thu, 11 March 2010 11:01
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: koldo on Sun, 14 March 2010 15:27
|
|
|
bazaar: DeEncrypter
By: kohait00 on Thu, 05 August 2010 21:09
|
|
|
Re: bazaar: DeEncrypter
|
|
|
Re: bazaar: DeEncrypter
By: kohait00 on Sun, 08 August 2010 11:05
|
|
|
Re: bazaar: DeEncrypter
|
|
|
Re: bazaar: DeEncrypter
By: kohait00 on Tue, 10 August 2010 15:46
|
|
|
Re: bazaar: DeEncrypter
|
|
|
Re: bazaar: DeEncrypter
By: kohait00 on Tue, 10 August 2010 21:42
|
|
|
Re: bazaar: DeEncrypter
|
|
|
Re: bazaar: DeEncrypter
By: koldo on Wed, 11 August 2010 15:29
|
|
|
Re: bazaar: DeEncrypter
|
|
|
Re: bazaar: DeEncrypter
By: koldo on Thu, 12 August 2010 13:54
|
|
|
Re: bazaar: DeEncrypter
By: kohait00 on Tue, 17 August 2010 15:58
|
|
|
Re: bazaar: DeEncrypter
By: koldo on Fri, 25 February 2011 18:52
|
|
|
Re: bazaar: DeEncrypter
|
|
|
Re: Encrypted storage with streaming (OpenSSL, AES)
By: Alboni on Fri, 23 August 2013 01:59
|
Goto Forum:
Current Time: Mon May 13 02:32:01 CEST 2024
Total time taken to generate the page: 0.02353 seconds
|