ansaurus

Question

Answer 1

+2 A:

Use Xor ^ operator and not And &. Also you should not assume that data and key are the same length.

public class Cryptographer
{
    private byte[] Keys { get; set; }

    public Cryptographer(string password)
    {
        Keys = Encoding.ASCII.GetBytes(password);
    }

    public void Encrypt(byte[] data)
    {
        for(int i = 0; i < data.Length; i++)
        {
            data[i] = (byte) (data[i] ^ Keys[i % Keys.Length]);
        }
    }

    public void Decrypt(byte[] data)
    {
        for (int i = 0; i < data.Length; i++)
        {
            data[i] = (byte)(Keys[i % Keys.Length] ^ data[i]);
        }
    }
}

Alex Reitbort 2010-09-14 15:04:24

But I want it to be a bit more advanced, and I am really confused right now.

Basser 2010-09-14 15:05:06

Alex Reitbort 2010-09-14 15:15:25

Answer 2

+8 A:

This is what is sometimes known as 'craptography', because it provides the illusion of security while being functionally useless in protecting anything. Use the framework classes if you want to do cryptography right, because it's extremely difficult to roll your own.

Take a look at this for advice on what you are trying to do (encrypt/decrypt) - http://msdn.microsoft.com/en-us/library/e970bs09.aspx. Really your requirements should determine what classes you decide to use. This has good background: http://msdn.microsoft.com/en-us/library/92f9ye3s.aspx

For simple encrypt/decrypt (if this is what you need) DPAPI may be the simplest way.

Steve Townsend 2010-09-14 15:04:52

+1, just for "craptography" :)

LukeH 2010-09-14 15:06:53

Pencgnfgvp nafjre!

bzlm 2010-09-14 15:06:57

I do not know a lot about cryptography, and I certainly do not know how to implement them.

Basser 2010-09-14 15:07:27

@Basser You don't need to "implement" the framework classes. You just need to click the link.

bzlm 2010-09-14 15:08:03

@bzlm, I've never used one of those classes, I will need to set them up correctly and secure.

Basser 2010-09-14 15:09:03

@Basser You sure will. Best of luck!

bzlm 2010-09-14 15:10:06

Sorry if post seems harsh but this is a certifiably 'hard problem' that is being continually worked on by people (good guys and bad guys) way smarter than you or me, hence writing your own is not advisable.

Steve Townsend 2010-09-14 15:11:06

Which cryptography is the easiest to use to your opinion, I really doubt I will get them working correctly.

Basser 2010-09-14 15:11:40

Take a look at this for advice on what you need to do - http://msdn.microsoft.com/en-us/library/e970bs09.aspx. Really your requirements should determine what classes you decide to use. This has good background: http://msdn.microsoft.com/en-us/library/92f9ye3s.aspx

Steve Townsend 2010-09-14 15:16:14

@Basser: The only security mechanism that I'm aware of that is easy to get right is SSL/TLS ( [SslStream](http://msdn.microsoft.com/en-us/library/system.net.security.sslstream.aspx) ). Any homegrown mechanism that combines popular algorithms like AES, SHA-1 from the System.Security.Cryptography Namespace is a placebo at best and a danger at worst.

dtb 2010-09-14 15:18:35

Answer 3

+6 A:

You seem to be trying to implement the XOR cipher. XOR is ^ in C#:

public void Crypt(byte[] data)
{
    for(int i = 0; i < data.Length; i++)
    {
        data[i] = (byte) (data[i] ^ Keys[i]);
    }                             ↑
}

Since the Encrypt and Decrypt method do exactly the same, you need only one method.

Note, however, that this is just a toy and not suitable to secure data in real-world scenarios. Have a look at the System.Security.Cryptography Namespace which provides many implementations of proven algorithms. Using these correctly is still hard to get right though.

dtb 2010-09-14 15:05:06

A (silly) nitpick: XOR encryption can be secure if *(a)* the key is at least as long as the message, *(b)* the key is truly random, and *(c)* the key is never re-used. Voila! A one-time pad.

LukeH 2010-09-14 15:14:06

ansaurus

tags:

views:

answers:

Byte array cryptography in C#

related questions