New SimpleCrypt page
-
Hi,
[quote author="Andre" date="1300457411"]I have just added a "page":http://developer.qt.nokia.com/wiki/Simple_encryption in the Snippets category [/quote]
Thanks for this class. I am invoking it's constructor with my predefined key (my secret) and I am wondering why qsrand() is initialized with currentTimeMillis or similar (in the constructor code)? I don't get the same encryption results on multiple invocations so I used my quint64 key to initialize qsrand (in the constructor), then it works..
@
SimpleCrypt c1(Q_UINT64_C(0x0c2ad4a4acb9f023)); //some random number
SimpleCrypt c2(Q_UINT64_C(0x0c2ad4a4acb9f023)); //some random numberqDebug() << "Crypt1 " << c1.encryptToString(QString("justatest"));
qDebug() << "Crypt2 " << c2.encryptToString(QString("justatest"));
@Output
@
Crypt1 "AwLLXV+ZSO+x3Ise1Aw="
Crypt2 "AwIUgoBGlzBuA1TBC9M="
@Just wondering :)
-
Why would you want to have the same cypher text when using the same clear text and key? As long as the decrypted plain text from these cypher texts is the same, what is the problem with having different cypher texts? The algorithm uses a randomization of the string on purpose. It makes it much harder to leak part of the key because analysis is much harder this way.
An explanation is in the "details page":/wiki/SimpleCrypt_algorithm_details#2d478ba9ee3cf03e338b506b1a0292dc that has more on the idea of using a random number as a leading byte.
You replacing that they way you did partly negates this, and thus makes the cypher weaker by a couple of bits. Note that even with your change, encrypting the same plain text using the same SimpleCrypt instance twice will result in different cypher texts.
-
Hi Andre,
Thanks for answering; I wasn't looking for reasonably strong encryption - I just wanted to always get the same encrypted string for the same input (private key+string_to_be_encrypted); its just for private use anyway, and non-critical.
I am using QCryptographicHash for that now, it solves my problem
-
[quote author="Andre" date="1356878054"]Eh, no, that class does not solve your problem, if you are indeed looking for encryption rather than hashing. There is a big difference between the two... [/quote]
That's a chicken and egg problem: I don't want to elaborate on "my problem" and hence prove that I am fine with hashing because of concerns of privacy. Please understand that and thank you for your help.
-
good thing I changed was this:
@//QString cypherString = QString::fromAscii(cypher.toBase64());
QString cypherString = QString::fromUtf8(cypher.toBase64());//QString cypherString = QString::fromAscii(cypher.toBase64());
QString cypherString = QString::fromUtf8(cypher.toBase64());//QByteArray cyphertextArray = QByteArray::fromBase64(cyphertext.toAscii());
QByteArray cyphertextArray = QByteArray::fromBase64(cyphertext.toUtf8());//QByteArray cyphertextArray = QByteArray::fromBase64(cyphertext.toAscii());
QByteArray cyphertextArray = QByteArray::fromBase64(cyphertext.toUtf8());@there will be well done this.
-
I was getting SIGABRT's when attempting to decrypt an empty string with a Qt with debugging enabled. So I've added a little check. Doesn't seem possible to link to wiki history diffs, but you can see it there.
-
[quote author="njeisecke" date="1362060748"]Hi Andre,
thanks for sharing this very useful code. Works perfectly, did save me quite some time. May I buy you a beer on next DevDays?
Nils[/quote]
Good to hear that. If I'm able to go, you most certainly are welcome to buy me one :-) -
Hi,
I'm having some troubles using your code.
For the same binary the encryption/decryption of the string using a key works fine.
But if i change the source code and add something like: qWarning() << "what you want";
Then rebuild the app, the password is badly decrypted.Is this a normal behavior ??
Thanks for your help.
-
Hi,
Thanks for your answer i found the problem.
I was using a stupid generated test key like: quint64 key( qHash( "the_test_key" ) );
When the binary change, the hash returned by this call was not identical as previously, resulting to badly decrypted content.
Using QString version fixed the problem: quint64 key( qHash( QString( "the_test_key" ) ) );thanks you!
-
I don't think qHash is guaranteed to give the same result between runs actually, so it seems unwise to me to use it in this way. Furthermore, it is not very secure. qHash returns a uint, while the key used is a quint64. So, you are only using a 32 bits key instead of a 64 bits one.
-
Right, it's not secure, as i told, it was a test project.
The problem of the qHash over a const char* is that it may be done differently depending the os / compiler.
A qHash around a QString is always giving the same result because it hash the string content - I did not read the code on what it does with const char*.
Anyway, yes using this way is not a good way, but it was a test.
By the way is there some repository to to track the code ? having to copy/paste it from a wiki page is not so natural.Thanks for your code, and the help.
-
No the code is not in a repo, but I probably should put it on Gitorious or something like that.
For generating a key out of a string, I think I'd just use QCryptographic hash with MD5 or SHA-1, and create a 64 bit key out of the 16 (MD5) or 20 (SHA-1) bytes these generate. The key you need is 8 bytes, but reducing the 16 or 20 bytes to 8 is just a simple XOR or two away...