New SimpleCrypt page
-
Hi, Andre!
Thanks a lot for the article! I'd be glad to use this code in my project!
My question is also related to license. The project I'm working on is not an open-source. Is it ok if I copy/paste your code into my project (keeping copyright notice in source/header files)? Also my application doesn't have any 'About' page - is it OK that I'll not show to the end user your copyright notice (that you're the actual author of encryption)?
I have read your message above, my question is just for confirmation for my project
Thanks a lot in advance,
Michael -
[quote author="Andre" date="1317372274"]Your application is bound to have some documentation or help system, right? I'd think there is enough opportunity to fullfil the licence terms that way. Licences do not get much more liberal than the one I have used...[/quote]
Ok, thanks, i'll add this notice to the global "copyright" file in the sources. I just needed confirmation that it is ok that this notice will not appear anywhere on the application's UI -
The relevant part of the licence states:
[quote]Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.[/quote]So, if you are providing other materials/documentation with the binairy application, then you must basically repeat the licence block in that documentation or additional materials. That can also occur in in-application help or something like that. If you distribute your application as source, then you can place it there (basically: just keep the source file as-is - at least in terms of the licence header - and you are ok.)
-
Hi,
First, Thanks for your work.
I'd like to use your class but i need some more help.
The constructor of SimpleCrypt only accept a quint64 as key.
But in my project, i have to convert a given passphrase (like "password") to this quint64 and cannot manage to do this.
You said in your topic "you can also use other means to get to a quint64 key, such as using some hash of a password and reducing that to 64 bits."
But i don't know how to do it.Is there some easy way to do this?
Is there some existing class or wathever that do it?regards.
-
welcome to devnet
Did you see already "qHash":http://developer.qt.nokia.com/doc/qt-4.8/qhash.html#qHash-22 ?
-
Well, the qHash function comes to mind, or perhaps you could use [[doc:QCryptographicHash]]. You add a bit a salt to your pass string, generate a hash, and combine the bits in the resulting hash to create a 64 bit value. If you use MD5, you get a 128bits hash. You could do something like this:
@
quint64 passToKey(const QString& password) {
QByteArray hash;
QCryptographicHash hasher(Md5);
hasher.addData(salt); //salt is a QByteArray with some random data
hasher.addData(password.toUtf8());
hash = hasher.result();//we now have a QByteArray that is too long with a hash of the password.
//get the contents of the byte array into two quint64's. There are other ways...
quint64 part1, part2;
QBuffer buffer(hash);
QDataStream stream(&buffer);
stream >> part1 >> part2;
key = part1 ^ part2; //combine the two partsreturn key;
}
@Note: brain to editor, not tested.
Edit:
Note that qHash returns a 32 bits result, so you will have to combine two of these to get a 64 bits version. Perhaps using part of the password for hash1, and the other part for hash2, and then combining the result to get a 64 bits key. -
In the same way I do in the snippet I posted, for instance. I use bitshifting, but that is the same as multiplication by 2-to-the-power-of-n. Basically, what you do is:
put the values of your ints in 64 bits variables
shift one of the values 32 bits by either:
multiplying by 0xFFFFFFFF, or
bitshifting
add the two numbers by either:
simply adding the numbers, or
using a binary OR operation like I did in my sample.
-
Just a note that this appears to be a Vigenere cipher scheme (see http://en.wikipedia.org/wiki/Vigenère_cipher for details) if you simply want basic scrambling of data to prevent trivial access to the plain text then this could well be sufficient, but it's not very strong. Particularly be careful of using this for long texts.
-
Thanks for the note. If I understand the page you link, I'm not sure that the class implements what qualifies as a Vigenere cipher, but I will agree that it does not provide strong cryptography.
The small additional trick is that the code uses the value of the previous code block as part of the key for the next block. That will hinder the kinds of analysis described in the article, if I understand it correctly. The key length is known in this case: 8 bytes, but because the key is mixed with the previously generated cypher text, it does not work to just decrypt the text as eight different cesar cyphers.
-
Great job, easy to use. One question, I tested my app on Debian and Mint and no problem, but on Fedora 17 and Arch
I get "Invalid version or not a cyphertext."@ QByteArray ba = cypher;
char version = ba.at(0); if (version !=3) { //we only work with version 3 m_lastError = ErrorUnknownVersion; qWarning() << "Invalid version or not a cyphertext."; return QByteArray(); }@
-
Hi,
[quote author="Andre" date="1300457411"]I have just added a "page":http://developer.qt.nokia.com/wiki/Simple_encryption in the Snippets category [/quote]
Thanks for this class. I am invoking it's constructor with my predefined key (my secret) and I am wondering why qsrand() is initialized with currentTimeMillis or similar (in the constructor code)? I don't get the same encryption results on multiple invocations so I used my quint64 key to initialize qsrand (in the constructor), then it works..
@
SimpleCrypt c1(Q_UINT64_C(0x0c2ad4a4acb9f023)); //some random number
SimpleCrypt c2(Q_UINT64_C(0x0c2ad4a4acb9f023)); //some random numberqDebug() << "Crypt1 " << c1.encryptToString(QString("justatest"));
qDebug() << "Crypt2 " << c2.encryptToString(QString("justatest"));
@Output
@
Crypt1 "AwLLXV+ZSO+x3Ise1Aw="
Crypt2 "AwIUgoBGlzBuA1TBC9M="
@Just wondering :)