Board index » delphi » Storing Char > 128

Storing Char > 128

I've got a password field that I'm trying to use encryption method's on.
But, I can't get it to store a value greater than 128 into the file. I
thought of using a "Blob" memo maybe, but I am using Delphi 1, and that
doesn't seem to be an option.  Is there some other kind of field type I need
to use in order to store a character > 128?

Jesse

 

Re:Storing Char > 128


[Mounting old hobbyhorse]

Apply the following function to your encrypted string:

  For i := 0 To EncryptedLength - 1 Do
  Begin
    Encryption[i] := ( Encryption[i] Mod 96 ) + 32;
  End;
  Encryption[ EncryptedLength ] := #0;

This way, your encrypted string will be a neat string containing only
printable ASCII characters between 32 and 127, and encryption is better.

Disadvantage is that you cannot directly decrypt anymore, but that you
must compare two encrypted strings, i.e. instead of doing

   If Password = Decrypt( StoredPassword ) Then ....

you must do

   If Crypt( Password ) = StoredPassword Then ....

But this should not be a problem (In fact, this is the way God meant
encryption to be when he created crypt(3)).

[dismount]

JdV!!

Quote
Jesse Castleberry wrote:

> I've got a password field that I'm trying to use encryption method's on.
> But, I can't get it to store a value greater than 128 into the file. I
> thought of using a "Blob" memo maybe, but I am using Delphi 1, and that
> doesn't seem to be an option.  Is there some other kind of field type I need
> to use in order to store a character > 128?

> Jesse

--
========================================================================
Jan de Visser                          etmj...@aom.ericsson.se
M?/ETX/A/B NMAC Team SAC
tel. +46 31 74 71890                   ECN 865 71890
                    Vette pech voor de kabouters!
========================================================================

Re:Storing Char > 128


On Wed, 18 Mar 1998 15:39:00 -0500, "Jesse Castleberry"

Quote
<D...@iThink.net> wrote:

(:>I've got a password field that I'm trying to use encryption method's on.
(:>But, I can't get it to store a value greater than 128 into the file. I
(:>thought of using a "Blob" memo maybe, but I am using Delphi 1, and that
(:>doesn't seem to be an option.  Is there some other kind of field type I need
(:>to use in order to store a character > 128?

If you are encrypting it, what's wrong with a string? In the Database
Desktop Builder that's an "A" definition.

Peter

The Aluminator Holsters
http://aluminator.tierranet.com
(Excuse typo's as I hack at 60+wpm and don't re-read)
(Spelling errors are better than NO reply at all <G>)

Re:Storing Char > 128


Quote
>If you are encrypting it, what's wrong with a string? In the Database
>Desktop Builder that's an "A" definition.

That's what I'm using.  I've got a field called "Password", and it's type is
"A".  Evidently, "A" (Alpha?) means just that, characters ranging from ASCII
32 to ASCII 127.  That's my guess anyway.  I guess I'm just looking for
confirmation of this assumption.

Jesse

Re:Storing Char > 128


In article <6epbds$6v...@news10.ispnews.com>, Jesse Castleberry
<D...@iThink.net> wrote

Quote
>I've got a password field that I'm trying to use encryption method's on.
>But, I can't get it to store a value greater than 128 into the file.

Why not uuencode the encrypted string before storing it?

This way, the encrypted string is converted into characters from ASCII
33 to 96, so the problem of storing characters over ascii 128 is
avoided.

Here's some code adapted from code samples from web sites. The
encryption routine is not very secure but is good enough to stop a
casual snooper.

The uuencoding can be used with other encrypion routines, of course. If
you have a good string encryption routine for Delphi 1, I'd be
interested to see it.

const
  C1 = 52845;
  C2 = 22719;
  myKey =12345;

type
  TTriplet = Array[0..2] of Byte;
  TKwartet = Array[0..3] of Byte;

var
  Triplet:TTriplet;
  Kwartet:TKwartet;

function uuencode(inStr:string):string;

  procedure Triplet2Kwartet(const Triplet: TTriplet;
                            var Kwartet: TKwartet);
  var
    i: Integer;
  begin
    Kwartet[0] := (Triplet[0] SHR 2);
    Kwartet[1] := ((Triplet[0] SHL 4) AND $30) +
                  ((Triplet[1] SHR 4) AND $0F);
    Kwartet[2] := ((Triplet[1] SHL 2) AND $3C) +
                  ((Triplet[2] SHR 6) AND $03);
    Kwartet[3] := (Triplet[2] AND $3F);
    for i:=0 to 3 do
      if Kwartet[i] = 0 then
        Kwartet[i] := $40 + 32
      else Inc(Kwartet[i], 32)
  end {Triplet2Kwartet};

var
  tripChunk:string[3];
  tripPos:byte;
begin {uuencode}
  result:='';
  tripPos:=1;
  tripChunk:=copy(inStr,tripPos,3);
  while tripChunk<>'' do
  begin
    case length(tripChunk) of
      1:begin
          Triplet[0]:=ord(tripChunk[1]);
          Triplet[1]:=0;
          Triplet[2]:=0;
          Triplet2Kwartet(Triplet,Kwartet);
          result:=result+chr(Kwartet[0])+chr(Kwartet[1])+chr(Kwartet[2])
+chr(Kwartet[3]);
          break
        end;
      2:begin
          Triplet[0]:=ord(tripChunk[1]);
          Triplet[1]:=ord(tripChunk[2]);
          Triplet[2]:=0;
          Triplet2Kwartet(Triplet,Kwartet);
          result:=result+chr(Kwartet[0])+chr(Kwartet[1])+chr(Kwartet[2])
+chr(Kwartet[3]);
          break
        end;
      3:begin
          Triplet[0]:=ord(tripChunk[1]);
          Triplet[1]:=ord(tripChunk[2]);
          Triplet[2]:=ord(tripChunk[3]);
          Triplet2Kwartet(Triplet,Kwartet);
          result:=result+chr(Kwartet[0])+chr(Kwartet[1])+chr(Kwartet[2])
+chr(Kwartet[3]);
          inc(tripPos,3);
          tripChunk:=copy(inStr,tripPos,3)
        end;
    end;
  end
end;  {uuencode}

function uudecode(inStr:string):string;

  procedure Kwartet2Triplet(const Kwartet: TKwartet;
                            var Triplet: TTriplet);
  begin
    Triplet[0] :=  ((Kwartet[0] - 32) SHL 2) +
                  (((Kwartet[1] - 32) AND $30) SHR 4);
    Triplet[1] := (((Kwartet[1] - 32) AND $0F) SHL 4) +
                  (((Kwartet[2] - 32) AND $3C) SHR 2);
    Triplet[2] := (((Kwartet[2] - 32) AND $03) SHL 6) +
                   ((Kwartet[3] - 32) AND $3F)
  end {Kwartet2Triplet};

var
  kwartChunk:string[4];
  kwartPos:byte;
begin {uudecode}
  kwartPos:=1;
  result:='';
  kwartChunk:=copy(inStr,kwartPos,4);
  while kwartChunk<>'' do
  begin
    Kwartet[0]:=ord(kwartChunk[1]);
    Kwartet[1]:=ord(kwartChunk[2]);
    Kwartet[2]:=ord(kwartChunk[3]);
    Kwartet[3]:=ord(kwartChunk[4]);
    Kwartet2Triplet(Kwartet,Triplet);
    result:=result+chr(Triplet[0])+chr(Triplet[1])+chr(Triplet[2]);
    inc(kwartPos,4);
    kwartChunk:=copy(inStr,kwartPos,4);
  end
end;  {uudecode}

function Encrypt(const S: String; Key: Word): String;
var
  I: byte;
begin  {encrypt}
  Result[0] := S[0];
  for I := 1 to Length(S) do begin
    Result[I] := char(byte(S[I]) xor (Key shr 8));
    Key := (byte(Result[I]) + Key) * C1 + C2;
  end;
  result:=uuencode(result)
end;

function Decrypt(const S: String; Key: Word): String;
var
  I: byte;
  origLength:integer;
  count96:byte;
  decodeStr:string;
begin
  count96:=0;
  if s[length(s)]=#96 then
    if s[length(s)-1]<>#96 then
      count96:=1
    else
      count96:=2;

  origLength:=length(s) div 4 * 3 - count96;
  decodeStr:=copy(uudecode(S),1,origLength);

  Result[0] := decodeStr[0];
  for I := 1 to Length(decodeStr) do begin
    Result[I] := char(byte(decodeStr[I]) xor (Key shr 8));
    Key := (byte(decodeStr[I]) + Key) * C1 + C2;
  end;
end;

The above encrypt function encrypts/encodes from these strings...

This is a test of my crypto routine.
It's not strong encryption but it works.
This is another line of my test.

... to these strings (using myKey as the key)...

9`D1':8W;5(Q[R_U)+9@&J,('*%=G.L+2<-WK80F9?,XHFHW

Quote
>23/E,@<V+'\5XW0(+,/TIR65DOAH]I:T/60`-SW%M2?%"'Y.;)IS@``

9`D1':8W;5(QH1FRY%XUUP1S'54R*2JT?H4IT"""`MX`

(which should be stored OK)

... and the decrypt function reproduces the original strings (again
using myKey as the key).

--
Gary Jones (Replace "zappa" with "demon" in e-mail address)
PGP public keys available from servers
RSA Key ID: 0x6AFBEAA1
DSS/Diffie-Hellman Key ID: 0x11EAE903

Re:Storing Char > 128


On Thu, 19 Mar 1998 09:05:45 +0100, Jan de Visser

Quote
<etmj...@aom.ericsson.se> wrote:
>Apply the following function to your encrypted string:

>  For i := 0 To EncryptedLength - 1 Do
>  Begin
>    Encryption[i] := ( Encryption[i] Mod 96 ) + 32;
>  End;
>  Encryption[ EncryptedLength ] := #0;

>This way, your encrypted string will be a neat string containing only
>printable ASCII characters between 32 and 127, and encryption is better.

I seriously doubt that the above method might work.

Say the user's password is 'AB'. Say the encryption method converts an
'A' to #1 and a 'B' to #97. The routine described above would
translate the #1#97 into #33#33, which (when translated back) would
yield #1#1,which would decrypt into 'AA', not 'AB'.

Every time the user chooses a password that includes even a single
letter (perhaps an ordinary keyboard character) that encrypt into
anything above #96, the encryption is going to get messed up, and the
user will be barred from access EVEN WHEN HE ENTERS THE CORRECT
PASSWORD.

I have a simple approach: I convert encrypted strings into their
hexadecimal (string) equivalent. If 'AB' encrypts into #1#97, I will
save that as '0161' - of course, this takes up twice as much space,
but translates back into #1#97 (or 'AB') every time.

function Encode(const Src: string): string;
var Dest,Temp: string; I,N: integer;
begin
  Dest := '';
  for I := 1 to Length(Src) do
  begin
    N := Ord(Src[I]);
    Temp := Format('%0.2x',[N]);
    Dest := Concat(Dest, Temp)
  end;
  Result := Dest
end;

function Decode(const Src: string): string;
var
begin
  Dest := '';
  if Src > '' then
  begin
    I := 1;
    while I < Length(Src) do
    begin
      Temp := '$' + Copy(Src,I,2);
      N := StrToInt(Temp);
      Dest := Concat(Dest, Chr(N));
      Inc(I,2)
    end
  end;
  Result := Dest
end;

--
{*word*104}cat
AKA MauriceV

Re:Storing Char > 128


In article <3512b8b0.962...@news.mia.bellsouth.net>, {*word*104}cat
<Mauri...@bellsouth.net> wrote

Quote
>I have a simple approach: I convert encrypted strings into their
>hexadecimal (string) equivalent.

I used to do exactly that. The uuencode approach (see my post) gives
smaller encrypted strings and is faster, even though the code looks more
complicated.

--
Gary Jones (Replace "zappa" with "demon" in e-mail address)
PGP public keys available from servers
RSA Key ID: 0x6AFBEAA1
DSS/Diffie-Hellman Key ID: 0x11EAE903

Re:Storing Char > 128


Quote
{*word*104}cat wrote:

> On Thu, 19 Mar 1998 09:05:45 +0100, Jan de Visser
> <etmj...@aom.ericsson.se> wrote:

> >Apply the following function to your encrypted string:

> >  For i := 0 To EncryptedLength - 1 Do
> >  Begin
> >    Encryption[i] := ( Encryption[i] Mod 96 ) + 32;
> >  End;
> >  Encryption[ EncryptedLength ] := #0;

> >This way, your encrypted string will be a neat string containing only
> >printable ASCII characters between 32 and 127, and encryption is better.

> I seriously doubt that the above method might work.

> Say the user's password is 'AB'. Say the encryption method converts an
> 'A' to #1 and a 'B' to #97. The routine described above would
> translate the #1#97 into #33#33, which (when translated back) would
> yield #1#1,which would decrypt into 'AA', not 'AB'.

As I stated in the part of the message that you deleted, you cannot
decrypt anymore. This is not a problem, since you should not check
passwords by comparing the decrypted stored password with the text the
user entered, but the other way around.

Please read before flaming people's code.

[ SNIP ]

========================================================================
Jan de Visser                          etmj...@aom.ericsson.se
M?/ETX/A/B NMAC Team SAC
tel. +46 31 74 71890                   ECN 865 71890
                    Vette pech voor de kabouters!
========================================================================

Re:Storing Char > 128


On Mon, 23 Mar 1998 08:56:14 +0100, Jan de Visser

Quote
<etmj...@aom.ericsson.se> wrote:
>As I stated in the part of the message that you deleted, you cannot
>decrypt anymore. This is not a problem, since you should not check
>passwords by comparing the decrypted stored password with the text the
>user entered, but the other way around.

>Please read before flaming people's code.

The point is that your encryption scheme utilizes an Ord(96)
operation, which provides a built-in weakness and invalidates the
entire encryption scheme.

A simple example: Say the user's password consists of a single space
(#32#32). A hacker would be able to gain access to whatever data is
protected by entering a #32 as a password, or #128 (32+96), or #224
(32+96+96). Using your algorithm, all three encrypt to exactly the
same thing. The same goes for longer passwords. Also, the ease with
which a hacker might gain access would be increased tremendously if
two-byte characters (wide chars) are used: In such a case, more than
three hundred characters (as opposed to only three) would encrypt to
exactly the same thing.

--
{*word*104}cat

We're born {*word*192}, hungry, covered in {*word*76}
and screaming. Then it gets worse.

Re:Storing Char > 128


You have NOT read my first post. I am not saying you should only do the
Mod() trick, but this should be done AFTER applying a decent encryption
algorithm.

And now go away!

JdV!!

Quote
{*word*104}cat wrote:

> On Mon, 23 Mar 1998 08:56:14 +0100, Jan de Visser
> <etmj...@aom.ericsson.se> wrote:

> >As I stated in the part of the message that you deleted, you cannot
> >decrypt anymore. This is not a problem, since you should not check
> >passwords by comparing the decrypted stored password with the text the
> >user entered, but the other way around.

> >Please read before flaming people's code.

> The point is that your encryption scheme utilizes an Ord(96)
> operation, which provides a built-in weakness and invalidates the
> entire encryption scheme.

> A simple example: Say the user's password consists of a single space
> (#32#32). A hacker would be able to gain access to whatever data is
> protected by entering a #32 as a password, or #128 (32+96), or #224
> (32+96+96). Using your algorithm, all three encrypt to exactly the
> same thing. The same goes for longer passwords. Also, the ease with
> which a hacker might gain access would be increased tremendously if
> two-byte characters (wide chars) are used: In such a case, more than
> three hundred characters (as opposed to only three) would encrypt to
> exactly the same thing.

> --
> {*word*104}cat

> We're born {*word*192}, hungry, covered in {*word*76}
> and screaming. Then it gets worse.

--
========================================================================
Jan de Visser                          etmj...@aom.ericsson.se
M?/ETX/A/B NMAC Team SAC
tel. +46 31 74 71890                   ECN 865 71890
                    Vette pech voor de kabouters!
========================================================================

Re:Storing Char > 128


On Thu, 02 Apr 1998 08:50:02 +0200, Jan de Visser

Quote
<etmj...@aom.ericsson.se> wrote:
>You have NOT read my first post. I am not saying you should only do the
>Mod() trick, but this should be done AFTER applying a decent encryption
>algorithm.

>And now go away!

You just don't get it. Fine. Hopefully others will before they make
the same mistake.

--
{*word*104}cat

We're born {*word*192}, hungry, covered in {*word*76}
and screaming. Then it gets worse.

Other Threads