Sign in to follow this  
Followers 0
twitchyliquid64

Stop Long Ints going into Sci notation.

9 posts in this topic

Hi.

I am trying to write a UDF to do public Key cryptography, and in this it requires converting your message to numbers and multiplying it by the product of two large primes. When I do this, it returns a number that is in sci notation and this stuffs it up, along with the buffer overflow.

How can I stop this from happening? I have no idea how to make it an Unsigned long variable and how to stop it going Sci notation.

Is it even possible in AutoIT?

ANY response is appreciated.

Thx,

HypOZ.


ongoing projects:-firestorm: Largescale P2P Social NetworkCompleted Autoit Programs/Scripts: Variable Pickler | Networked Streaming Audio (in pure autoIT) | firenet p2p web messenger | Proxy Checker | Dynamic Execute() Code Generator | P2P UDF | Graph Theory Proof of Concept - Breadth First search

Share this post


Link to post
Share on other sites



just convert the sci notation into a normal number?

Share this post


Link to post
Share on other sites

the String() function may be of help, I've found that it will return a scientific notation number as the regular number.


[size="2"] "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian Kernighan[/size]

Share this post


Link to post
Share on other sites

Cryptography has to be very deterministic, so the specs for any given algorithm probably specify how many bits to carry the operation out to, and exactly what to do with carry bits out of the MSB. Something like "All arithmetic operations are carried out to 32bits unsigned, and overflow bits beyond 2^31 are dropped." I would think allowing the math to carry out to floating point precisions would make things "fuzzy" as rounding was performed by whatever environment you are on. For that reason I don't think the people that write those things just leave it up to whatever method your particular hardware/OS/compiler happens to be using today.

So which algorithm are you trying to implement, and what does the spec for it say about how the math should be done?

If you want to avoid re-inventing the wheel, have you seen if it's already been done in AutoIt, or with the new Crypt.au3 UDF by monoceres included with the current version?

;)


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

Cryptography has to be very deterministic, so the specs for any given algorithm probably specify how many bits to carry the operation out to, and exactly what to do with carry bits out of the MSB. Something like "All arithmetic operations are carried out to 32bits unsigned, and overflow bits beyond 2^31 are dropped." I would think allowing the math to carry out to floating point precisions would make things "fuzzy" as rounding was performed by whatever environment you are on. For that reason I don't think the people that write those things just leave it up to whatever method your particular hardware/OS/compiler happens to be using today.

So which algorithm are you trying to implement, and what does the spec for it say about how the math should be done?

If you want to avoid re-inventing the wheel, have you seen if it's already been done in AutoIt, or with the new Crypt.au3 UDF by monoceres included with the current version?

;)

I am trying to write the RSA Algorithm into Autoit. The only formula I have found is:

Encryption: C = M^e ( modulo n )

Decryption: M = C^d ( modulo n )

where:

M = the plain-text message expressed as an integer number.

C = the encrypted message expressed as an integer number.

n = the product of two randomly selected, large primes p and q.

d = a large, random integer relatively prime to (p-1)*(q-1).

e = the multiplicative inverse of d, that is:

( e * d ) = 1 ( modulo ( p - 1 ) * ( q - 1 ) )

The public key is the pair of numbers ( n, e ).

The private key is the pair of numbers ( n, d ).

Thus far all I have done is try to convert the string to intergers, Im trying to stop it Truncating when I multiply it. It it possible to force an AutoIt variable to be say, 32Bit Unsigned and to stop it going all Sci Notation on me?

I still have to work out how to find Prime numbers, D, and E, but I have an awesome Maths Teacher with a Doctrate in Maths who could probs do it in a flash so thats not an issue.

Code so far: Notice my efforts to force a char to always be three numbers: This is important.

;Public Key Crypto
#include "String.au3"

$num = Convert_String_INT ("AZ09za!@#(*@)(*&#$%@(&_!*&^A@")
$char = Convert_INT_String ($num)
MsgBox( 4096, "", $num & @CRLF & $char, 10)


Func Convert_String_INT ($string)
    local $timer = TimerInit()
    local $int_string = 0
    local $runcount
    local $split = StringSplit( $string, "")
    For $runcount = 0 to $split[0] step 1
        local $char = Asc($split[$runcount])
        $int_string &= StringFormat("%03i", $char)
    Next
    ConsoleWrite( @CRLF & "String -> Int: Completed: " & TimerDiff($timer))
    return $int_string
EndFunc

Func Convert_INT_String ($int)
    local $timer = TimerInit()
    local $num_string = StringTrimLeft( String( $int), 1)
    local $int_string = ""
    
    local $split = StringSplit( $num_string, "", 1)
    For $runcount = 1 to $split[0] step 3
        $int_string &= Chr($split[$runcount]&$split[$runcount+1]&$split[$runcount+2])
    Next
    ConsoleWrite( @CRLF & "Int -> String: Completed: " & TimerDiff($timer))
    return StringTrimLeft($int_string, 1)
EndFunc
[

Thanks for your help:

HypOZ.


ongoing projects:-firestorm: Largescale P2P Social NetworkCompleted Autoit Programs/Scripts: Variable Pickler | Networked Streaming Audio (in pure autoIT) | firenet p2p web messenger | Proxy Checker | Dynamic Execute() Code Generator | P2P UDF | Graph Theory Proof of Concept - Breadth First search

Share this post


Link to post
Share on other sites

Ahem!

RSA is rarely used as the main encryption algorithm, due to its slowness. In practice, RSA is only used to encrypt a session key, which is used for actually encrypting plaintext. For any non-ridiculous use you need something like 1024-bit keys and fast PowerMod function. This is already really slow when applied to a short signature file using carefully coded low-level code. Hence doing the same in high-level general-purpose language like AutoIt (which doesn't have support for arbitrary precision integral arithmetic) is going to be uselessly slow. I guess PsaltyDS is referring to the bigint UDF, which uses numeric strings for its internal operations, but its very slow.

Now you really should read textbooks about practical crypto, as (as always) the devil is in the details. For instance, robust selection of components of a key isn't trivial. It's also important to select a really robust prime finding function, and that alone is difficult.

I understand you are making a student work, but for it to have good value, many aspects have to be carefully studied. Anyway, AutoIt isn't the best language for such project IMHO.


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

Ahem!

RSA is rarely used as the main encryption algorithm, due to its slowness. In practice, RSA is only used to encrypt a session key, which is used for actually encrypting plaintext. For any non-ridiculous use you need something like 1024-bit keys and fast PowerMod function. This is already really slow when applied to a short signature file using carefully coded low-level code. Hence doing the same in high-level general-purpose language like AutoIt (which doesn't have support for arbitrary precision integral arithmetic) is going to be uselessly slow. I guess PsaltyDS is referring to the bigint UDF, which uses numeric strings for its internal operations, but its very slow.

Now you really should read textbooks about practical crypto, as (as always) the devil is in the details. For instance, robust selection of components of a key isn't trivial. It's also important to select a really robust prime finding function, and that alone is difficult.

I understand you are making a student work, but for it to have good value, many aspects have to be carefully studied. Anyway, AutoIt isn't the best language for such project IMHO.

Currently in my p2p program I am using 50bit encryption for every I'm message. This takes around half a sec to decript. Any longer and you have issues. Obviously, this is not secure. Can you explain this idea of a session key? How do I generate it? I would like to get up to 300 bit. There only short Im messages. Do you think I should use the rsa to transfer an aes key that is faster and better instead? And then encrypt the data based off that? That would probably work better. What's your idea of secure p2p comm? How would you do it?

I am only 15, as such I have no access to such textbooks, especially not in aus

Edited by hyperzap

ongoing projects:-firestorm: Largescale P2P Social NetworkCompleted Autoit Programs/Scripts: Variable Pickler | Networked Streaming Audio (in pure autoIT) | firenet p2p web messenger | Proxy Checker | Dynamic Execute() Code Generator | P2P UDF | Graph Theory Proof of Concept - Breadth First search

Share this post


Link to post
Share on other sites

Your smartphone can probably factorize 50-bit keys faster than you could issue a call to any emergency service! So, yes, this is laughably unsecure.

Since you're talking of encrypting a P2P session, why do you use RSA at all, except for the public key properties: I can get sure than the emitter is Alice and I can prove I'm Bob. FYI, Alice, Bob, Eve, ... are placeholders used in exposing crypto algorithms.

An interactive session key can be safely build up by using a good implementation of the Diffie-Hellman exchange. Signing initial exchanges with Alice and Bob RSA's public keys makes the authentification secure. Now the session key can be used for any cipher of your choice, provided there's no caveat in the implementing code (that's a BIG if).

Not having access to a decent college library shouldn't stop you from googling. There are loads of good pages on the subject. Select good introductionary books (like Bruce Schneier's Applied Cryptography and Practical Cryptography) and ask your family/friends/neighbours to offer them to you for Christmas: one can find both used books for under $13 each and low SH fees if you select an aussie seller.


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0