Jump to content
Sign in to follow this  
SkinnyWhiteGuy

Crypto Suite

Recommended Posts

SkinnyWhiteGuy

Crypto Suite

Encryption/Hashing Algorithm Collection written entirely in AutoIt code.

Current Version 2.1, released November 7, 2009.

It's finally here! I managed to compile enough algorithms for my liking to finally release all these together in one archive for everyone to see and use. It has been very fun, and I can't wait to get some feedback on this, and put some more work into this project. Thanks to everyone for their encouraging words and advice, and please keep it up! It at least makes me feel some better about all this.

If you have a question, just post it here, and I'll try to help.

Links

Base64 Encoding by mikeytown2

MD5 by SvenP (who converted a VBS file by Phil Fresle)

MD5 by Arses

History

Version 2.1 - Updated rijndael.au3, fixed errors with CTR mode, and IV usage. Should work properly now.

Version 2.0 - I've decided to separate out all the algorithms into separate downloads, to make my, and your, lives easier. This is now done. With this, I'm no longer making separate downloads of other's functions, but am going to just provide links to their posts, so when they update, you will get the most updated. Also with this update, AES is not included, but has been replaced with the rijndael algorithm. For those of you who don't know, AES is rijndael with a fixed block size of 128, so to get AES encryption, just use rijndael with the BlockSize set at 128. Several modes and extra features were added to rijndael above all the rest, so you should really check it out and see just how much was added. Things like a Hash function built from it, encryption that is the same length as the text given it, and many others. It also has a lot of speed enhancements over AES, thanks to the work of others who tested to see which functions work faster in AutoIt.

Version 1.1 (previous downloads: 463) - Changed the padding scheme, will continue to use it on future scripts. WARNING: Anything encrypted with the old style padding functions will probably not work with these new versions, so please decrypt with old, update, then reencrypt to ensure compatibility. Sorry, but it's for the best (not to mention my sanity)

Version 1.0 - Initial Release

Des_Optimized.au3

Des.au3

Blowfish.au3

rijndael.au3

Edited by SkinnyWhiteGuy

Share this post


Link to post
Share on other sites
WeMartiansAreFriendly

awesome!!

and.. conversion from vb like syntax is less painful than javascript.. i'll you that.. :shocked:

[edit]

where did you get the alorythms anyways? just a little curious.

Edited by mrRevoked

Don't bother, It's inside your monitor!------GUISetOnEvent should behave more like HotKeySet()

Share this post


Link to post
Share on other sites
SkinnyWhiteGuy

awesome!!

and.. conversion from vb like syntax is less painful than javascript.. i'll you that.. :shocked:

[edit]

where did you get the alorythms anyways? just a little curious.

Definitely easier coming from VB-like code to AutoIt, but unfortunately, that's not always possible.

As for where I got them from, various places on the net, at least the ones by me. The one's built from the specifications are literally straight from the spec pages. The DES optimized script was in Javascript/PHP originally, and I managed to find the AES optimized code in C, and successfully converted it to AutoIt. I think the Blowfish was a mix of specification and some other page I found (not really sure right now).

Share this post


Link to post
Share on other sites
arcker

omg, how did you do for blowfish ? (i was sure it was not free)

btw, can you tell us if it's crackable easily ?

because i search some algorithm that could save passwords using a master-password (for now i use peethebee functions)

to resume : what encryption for what usage ?

edit :

i've just test BlowFish..Really Impressive

i've just a little problem with decryption of a textfile (i've used your Readme.txt as input)

but, really good job man, maybe you could make a plugin of it ( for performance reason).

Edited by arcker

-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]

Share this post


Link to post
Share on other sites
SkinnyWhiteGuy

omg, how did you do for blowfish ? (i was sure it was not free)

btw, can you tell us if it's crackable easily ?

because i search some algorithm that could save passwords using a master-password (for now i use peethebee functions)

to resume : what encryption for what usage ?

edit :

i've just test BlowFish..Really Impressive

i've just a little problem with decryption of a textfile (i've used your Readme.txt as input)

but, really good job man, maybe you could make a plugin of it ( for performance reason).

Acutally, according to this webpage, it is free, started free, and will be free. I just took one of the C versions from that website, and translated it. Read on the webpage for more info about it. If you keep having problems with it, let me know, and I'll see if I can't fix it for an update release.

As far as what's crackable easily, I really don't know. I'm not one to get into which one to use, I'm just a guy making the algorithms work for you, and let you decide which one you want to use. And about plugins, like I say in the Readme, I want to keep these as pure AutoIt script as I can, but if enough requests are made, I'll try my hand at plugin development (though it has been a long long time since I even looked at a C compiler).

Share this post


Link to post
Share on other sites
Automan Empire

Nice work SWG


"I've seen your work in the past, and it's novice at best..." SmOke_N

Share this post


Link to post
Share on other sites
luvmachine

Was amazing enough to make me log in and reply.

Thank you much, this is a great script and I know I'll get plenty of use out of it. :shocked:

Share this post


Link to post
Share on other sites
Pascal257

I really like it.

Now I don't need DLL's for MD5 anymore...

Share this post


Link to post
Share on other sites
archrival

What is the limitation on keys for AES?

#include "aes_optimized.au3"
#include <string.au3>
$key = _StringToHex('patch1')
$decryptthis = aes_cipher($key, 'undergroundagent')
MsgBox(0, "Test", $decryptthis)

Using this code I receive an error:

aes_optimized.au3 (22) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:

The same code using aes.au3 seems to work.

Share this post


Link to post
Share on other sites
SkinnyWhiteGuy

What is the limitation on keys for AES?

#include "aes_optimized.au3"
#include <string.au3>
$key = _StringToHex('patch1')
$decryptthis = aes_cipher($key, 'undergroundagent')
MsgBox(0, "Test", $decryptthis)

Using this code I receive an error:

aes_optimized.au3 (22) : ==> Array variable has incorrect number of subscripts or subscript dimension range exceeded.:

The same code using aes.au3 seems to work.

Well, technically, it's not supposed to work with either, because the key is supposed to be 128-Bit minimum, or 16 bytes/characters. Valid key lengths using the method you have are 16, 24, and 32 characters. Any others aren't supposed to work. That's some of the error checking I need to add to all these functions, along with future functions I make.

Hmm, I may change the read me to say how many bytes/characters can/should be used for keys from now on. The code can be modified to do exactly what you do with _StringToHex, I just left it like it is now to allow some people to use every key possible, without being limited to ASCII characters only. I'm thinking about adding a way to do both, just have it check the key passed in for a "0x" at the beginning of the string, and if present, treat entries after that as Hex codes, otherwise, use the ASCII codes for the characters passed in. More thought is required...

To solve your problem, use a longer key. I tested it, and it works just fine with the longer key.

Share this post


Link to post
Share on other sites
phkninja

Blowfish, AES are both uncrackable at the moment and both are free and open source with code everywhere. MD5 is crackable but is only a one way function so would be used as a pasword hash (sha1 is also crackable, so you need to implement sha256 or better if you want it entirely secure).

AES will take password of a key size of 128, 192 or 256 bits with a fixed block size of 128 bits of data at a time (as above). Rijendael (the algo AES is from) can take the same key lenghts and any multiple of 32 bits as its block size.

Blowfish is a 64 bit block size from 32 bits to 448 bits (2 characters to 56 characters).

Twofish (the AES entrant from the guys who wrte Blowfish) has a 128-bit block and 128, 192, or 256-bit key lengths.

Block size fo rthos who dont know is the amount of data procesed at one time.

The quickest solution to ensure the password is the right lenght is to md5 hash any password below 16 characters ong. This will ensure 16+ characters.

Edited by phkninja

Share this post


Link to post
Share on other sites
archrival

Blowfish, AES are both uncrackable at the moment and both are free and open source with code everywhere. MD5 is crackable but is only a one way function so would be used as a pasword hash (sha1 is also crackable, so you need to implement sha256 or better if you want it entirely secure).

AES will take password of a key size of 128, 192 or 256 bits with a fixed block size of 128 bits of data at a time (as above). Rijendael (the algo AES is from) can take the same key lenghts and any multiple of 32 bits as its block size.

Blowfish is a 64 bit block size from 32 bits to 448 bits (2 characters to 56 characters).

Twofish (the AES entrant from the guys who wrte Blowfish) has a 128-bit block and 128, 192, or 256-bit key lengths.

Block size fo rthos who dont know is the amount of data procesed at one time.

The quickest solution to ensure the password is the right lenght is to md5 hash any password below 16 characters ong. This will ensure 16+ characters.

I've used AES compression programs in the past, I have a file encrypted using 128 bit encryption. The password is 8 characters long, I know this password works with the aes encryption functions built in to the .net framework because I wrote a program to do so. Do you know if they merely tack on 8 bytes of zeroes or if they do something else like the md5 hash mentioned above?

Share this post


Link to post
Share on other sites
SkinnyWhiteGuy

Update to version 1.1, see top post for details.

Share this post


Link to post
Share on other sites
Jango

Update to version 1.1, see top post for details.

Hello,

First i would like to thank you for this script. I'm using it and particularly the base64 encryption but i don't know to the change the encryption key ?

Cu

Share this post


Link to post
Share on other sites
SkinnyWhiteGuy

Hello,

First i would like to thank you for this script. I'm using it and particularly the base64 encryption but i don't know to the change the encryption key ?

Cu

Well, I'm afraid I can't help you much there. The Base64 encoding isn't mine, and as far as I can tell, it isn't really encrypting either, so I don't even know if there is a key to be changed or not. I plan on sometime going all the way through it and changing some stuff with it to make it match everything else when I can.

Share this post


Link to post
Share on other sites
_Kurt

Hello,

Thanks for sharing these scripts, they are very useful. I have a question: what would you suggest to be the best encryption method for small text (less than 50 characters)? Which is the best to not be "hacked"/decrypted?

Kurt


Awaiting Diablo III..

Share this post


Link to post
Share on other sites
SkinnyWhiteGuy

Thanks to everyone who downloaded and likes these functions. I really appreciate knowing that I didn't do all that just for fun (even though I probably would have).

@Kurt

Well, the current standard that most everyone (even US government) uses is AES, so I'd say go with it.

After thinking about it for awhile, I may go back and give users an optional function parameter to allow you to choose which padding scheme you want used. There's 3 I can implement, the previous one (pad with null bytes), the current one (pad with n bytes, each byte has the value of n till block size is reached), and a third method (pad first with byte 80, then fill the rest with nulls till block size is reached). I was just going to ask if anyone would be interested/care if I did/didn't do something like that. With that option in, it would allow the scripts here to be more compatible with other systems you, the users, may use to interface/use this with, but if no one believes they will do such things with these scripts in the near future, I'll put that kind of update on the bottom of the list.

And finally, here is a tentative list of all the different algorithms I want to implement. If I've forgotten any good ones/included ones that aren't needed, also let me know. This is the time for anyone and everyone to make suggestions about what they'd like to see done.

AES, DES, Blowfish, Twofish, SKIPJACK, Arcfour, MD5, MD4, SHA1, Whirlpool, SHA256, SHA384, SHA512, Ripmed-128, Ripmed-160

That is, by no means, a comprehensive list of all encryption algorithms possible, just the ones I've read about and think might be the most popular ones to at least start out with. Let me know what you think.

Share this post


Link to post
Share on other sites
WeMartiansAreFriendly

Thanks to everyone who downloaded and likes these functions. I really appreciate knowing that I didn't do all that just for fun (even though I probably would have).

@Kurt

Well, the current standard that most everyone (even US government) uses is AES, so I'd say go with it.

After thinking about it for awhile, I may go back and give users an optional function parameter to allow you to choose which padding scheme you want used. There's 3 I can implement, the previous one (pad with null bytes), the current one (pad with n bytes, each byte has the value of n till block size is reached), and a third method (pad first with byte 80, then fill the rest with nulls till block size is reached). I was just going to ask if anyone would be interested/care if I did/didn't do something like that. With that option in, it would allow the scripts here to be more compatible with other systems you, the users, may use to interface/use this with, but if no one believes they will do such things with these scripts in the near future, I'll put that kind of update on the bottom of the list.

And finally, here is a tentative list of all the different algorithms I want to implement. If I've forgotten any good ones/included ones that aren't needed, also let me know. This is the time for anyone and everyone to make suggestions about what they'd like to see done.

AES, DES, Blowfish, Twofish, SKIPJACK, Arcfour, MD5, MD4, SHA1, Whirlpool, SHA256, SHA384, SHA512, Ripmed-128, Ripmed-160

That is, by no means, a comprehensive list of all encryption algorithms possible, just the ones I've read about and think might be the most popular ones to at least start out with. Let me know what you think.

perhaps.. i'm might be walking a thin rope, but you could create your own encryption algorithm (love that word!!)..


Don't bother, It's inside your monitor!------GUISetOnEvent should behave more like HotKeySet()

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.