New SimpleCrypt page

andre · wrote on 9 Apr 2012, 17:09

Thanks for the note. If I understand the page you link, I'm not sure that the class implements what qualifies as a Vigenere cipher, but I will agree that it does not provide strong cryptography.

The small additional trick is that the code uses the value of the previous code block as part of the key for the next block. That will hinder the kinds of analysis described in the article, if I understand it correctly. The key length is known in this case: 8 bytes, but because the key is mixed with the previously generated cypher text, it does not work to just decrypt the text as eight different cesar cyphers.

rich · wrote on 9 Apr 2012, 18:12

Yes, this is the auto-key variant of vigenere cipher, and is a lot stronger than the basic one.

andre · wrote on 9 Apr 2012, 18:37

Interesting stuff. Perhaps I should try to make a new version (still: keeping it simple!) that is a bit stronger.

rich · wrote on 9 Apr 2012, 18:55

If you do, I'd be tempted to use something like RC4 which while not perfect, is very simple to implement.

zester · wrote on 30 Apr 2012, 23:35

Andre I think you did a great job, at documenting not only usage but also the algorithm. I wish all of Qt's examples were so well thought out ;)

katropine · wrote on 18 Nov 2012, 17:47

Great job, easy to use. One question, I tested my app on Debian and Mint and no problem, but on Fedora 17 and Arch
I get "Invalid version or not a cyphertext."

@ QByteArray ba = cypher;

char version = ba.at(0);
if (version !=3) {  //we only work with version 3
    m_lastError = ErrorUnknownVersion;
    qWarning() << "Invalid version or not a cyphertext.";
    return QByteArray();
}@

andre · wrote on 19 Nov 2012, 10:39

Sorry, no idea. I did not test on these sytems, but I have no clue why it would go wrong on a different linux system. That seems unlikely somehow. Perhaps the data you feed into SimpleCrypt is corrupted somehow?

katropine · wrote on 19 Nov 2012, 10:55

Yes, sorry something else went wrong on those systems and indeed corrupted the settings string.
My Bad.

SimpleCrypt works perfectly.

amanjit · wrote on 30 Dec 2012, 13:09

Hi,

[quote author="Andre" date="1300457411"]I have just added a "page":http://developer.qt.nokia.com/wiki/Simple_encryption in the Snippets category [/quote]

Thanks for this class. I am invoking it's constructor with my predefined key (my secret) and I am wondering why qsrand() is initialized with currentTimeMillis or similar (in the constructor code)? I don't get the same encryption results on multiple invocations so I used my quint64 key to initialize qsrand (in the constructor), then it works..

@
SimpleCrypt c1(Q_UINT64_C(0x0c2ad4a4acb9f023)); //some random number
SimpleCrypt c2(Q_UINT64_C(0x0c2ad4a4acb9f023)); //some random number

qDebug() << "Crypt1 " << c1.encryptToString(QString("justatest"));
qDebug() << "Crypt2 " << c2.encryptToString(QString("justatest"));
@

Output
@
Crypt1 "AwLLXV+ZSO+x3Ise1Aw="
Crypt2 "AwIUgoBGlzBuA1TBC9M="
@

Just wondering :)

andre · wrote on 30 Dec 2012, 14:00

Why would you want to have the same cypher text when using the same clear text and key? As long as the decrypted plain text from these cypher texts is the same, what is the problem with having different cypher texts? The algorithm uses a randomization of the string on purpose. It makes it much harder to leak part of the key because analysis is much harder this way.

An explanation is in the "details page":/wiki/SimpleCrypt_algorithm_details#2d478ba9ee3cf03e338b506b1a0292dc that has more on the idea of using a random number as a leading byte.

You replacing that they way you did partly negates this, and thus makes the cypher weaker by a couple of bits. Note that even with your change, encrypting the same plain text using the same SimpleCrypt instance twice will result in different cypher texts.

amanjit · wrote on 30 Dec 2012, 14:23

Hi Andre,

Thanks for answering; I wasn't looking for reasonably strong encryption - I just wanted to always get the same encrypted string for the same input (private key+string_to_be_encrypted); its just for private use anyway, and non-critical.

I am using QCryptographicHash for that now, it solves my problem

andre · wrote on 30 Dec 2012, 14:34

Eh, no, that class does not solve your problem, if you are indeed looking for encryption rather than hashing. There is a big difference between the two...

amanjit · wrote on 30 Dec 2012, 14:41

[quote author="Andre" date="1356878054"]Eh, no, that class does not solve your problem, if you are indeed looking for encryption rather than hashing. There is a big difference between the two... [/quote]

That's a chicken and egg problem: I don't want to elaborate on "my problem" and hence prove that I am fine with hashing because of concerns of privacy. Please understand that and thank you for your help.

topocc · wrote on 4 Feb 2013, 16:58

worked in QT 5?

topocc · wrote on 4 Feb 2013, 17:10

good thing I changed was this:

@//QString cypherString = QString::fromAscii(cypher.toBase64());
QString cypherString = QString::fromUtf8(cypher.toBase64());

//QString cypherString = QString::fromAscii(cypher.toBase64());
QString cypherString = QString::fromUtf8(cypher.toBase64());

//QByteArray cyphertextArray = QByteArray::fromBase64(cyphertext.toAscii());
QByteArray cyphertextArray = QByteArray::fromBase64(cyphertext.toUtf8());

//QByteArray cyphertextArray = QByteArray::fromBase64(cyphertext.toAscii());
QByteArray cyphertextArray = QByteArray::fromBase64(cyphertext.toUtf8());@

there will be well done this.

Ian Monroe · wrote on 14 Feb 2013, 06:45

I was getting SIGABRT's when attempting to decrypt an empty string with a Qt with debugging enabled. So I've added a little check. Doesn't seem possible to link to wiki history diffs, but you can see it there.

andre · wrote on 14 Feb 2013, 07:24

Thanks, good catch.

I assume you're talking about this snippet, right?
@
if( cypher.count() < 3 )
return QByteArray();
@

A small problem is, that no error code is set. I think that needs to be added.

topocc · wrote on 14 Feb 2013, 22:50

good, and in QT5 probe, and all good the only thing that was included # include <QDataStream>, and change QString :: fromutf8 () and QString :: toutf8 ().

Clearly only tried with 30 words, and it has worked well.

njeisecke · wrote on 28 Feb 2013, 14:12

Hi Andre,

thanks for sharing this very useful code. Works perfectly, did save me quite some time. May I buy you a beer on next DevDays?

Nils

andre · wrote on 28 Feb 2013, 15:53

[quote author="njeisecke" date="1362060748"]Hi Andre,

thanks for sharing this very useful code. Works perfectly, did save me quite some time. May I buy you a beer on next DevDays?

Nils[/quote]
Good to hear that. If I'm able to go, you most certainly are welcome to buy me one :-)