Sunday, October 21, 2018

Encrypting files with the ability to quickly change the password

NOTE: This is just a proof of concept and this exact implementation should NOT be used in production. There are other elements in security omitted from this article, so this is strictly for POC and educational purposes.

While working the other day, I was suggested to a guest by a co-worker. The question revolved around cryptography. His scenario is say we decided to encrypt a large set of data maybe 2TB in size with a particular key (lets use "cat" for this example). The issue was that if you wanted to change the password you would essentially have to first decrypt it to obtain the original data, then take that and encrypt it with a new password (lets say "dog"). He wanted a method where he wouldn't have to re-encrypt his data while still being able to change the password. He said he went to the genius bar at apple and they told him it is impossible. I will present a possible solution to the problem. The solution allows for a user to encrypt and decrypt with a password, and also have the ability to quickly change that password without having to first decrypt and re-encrypt.

If you are to imagine encrypting a file. What you typically need is (in this case AES128) a 128bit key, and a 128bit IV. Typically this Key/IV can be generated with a hash algorithm (in this case like SHA256) which produces the necessary size key/IV. An adversary would need to know what "Password" you used to produce the same hash that it did which was used to encrypt the data. The link between the "Password" and the "Key/IV" is a Hash function. That "Key/IV is never stored anywhere either, it is just a result of the hash function only when needed and when the original "Password" was the input. So how can we make it so that we have the ability force another "Password" to produce the same "Key/IV" and the old one produce a completely different/wrong "Key/IV"? The simplest solution is XOR.

The scheme would look like this:
[Encrypt]
1) Choose desired "Password".
2) Hash the "Password" in step 1.
3) Generate cryptographic random bytes (length of "Key/IV").
4) Encrypt Data with random bytes from step 3).
5) XOR the random bytes in step 3 with the "Password" hash in step 2 to get a bit mask.
6) Prepend or Append or store the bit mask in step 5.

[Decrypt]
1) Enter "Password".
2) Hash the "Password" in step 1.
3) Read bit mask in [Encrypt]Step 5 where ever it was stored.
4) Xor bit mask from step 3 with "Password" hash in step 2 to get the "Key/IV".
5) Decrypt Data with "Key/IV" from step 4.

[Change Password]
1) Enter current "Password".
2) Hash the "Password" in step 1.
3) Read bit mask in [Encrypt]Step 5 where ever it was stored.
4) Xor bit mask from step 3 with "Password" hash in step 2 to get the "Key/IV".
5) Enter the new "Password".
6) Hash the "Password" in step 5.
7) Xor "Password" hash in step 6 with "Key/IV" in step 4 to get a new bit mask.
8) Replace where ever the old bit mask was stored with the new bit mask in step 7.

Now for some code and proof of concept:

First lets get some AES code going. One which takes a byte array to use as the "Key/IV".


Now we need a cryptographic random number generator, a way to XOR two byte arrays, and finally a SHA256 hash function.




Next up lets implement the Encryption, Decryption, and the Change methods. I will be saving the bit mask as a file called ".bm" along side the encrypted file which will be called ".en".


Here is the test code in order:


Initially we start off with this test image/file.


Then we run the FlexEncrypt method to get a new folder with the encrypted file and its bitmask inside:


Here are those two files inside:


Here is a look at those two files in a hex editor:


Now we run the FlexChange method to change the password from "cat" to "dog" and in the Hex editor we can see that the encrypted file stays the same but the bitmask has changed.


Finally we decrypt with the password "dog" and we get this decrypt folder with hopefully the original test image we started off with:


And indeed we do:

Thursday, October 11, 2018

New MicroSecond Timer

So a while ago, I stitched together a little Timer class which does sub millisecond timings because windows isn't a real-time operating system and the Framework doesn't out of the box provide any timers capable of such for my game engine. It was a rough stitch to say the least but I've gotten around to looking it over and making it a little bit cleaner etc. I also commented as much as possible to explain what the code is/does.

Tuesday, April 24, 2018

TransparentJPG2

   So a while back I had the need for a lossy image format that supports transparency and is widely used. I decided to try my hand at making my own solution. I settled to base the format on Jpeg since it is arguably the most widely used image format. The only problem is that it doesn't support transparency. I set out to essentially inject transparency data into the Jpeg format with pretty acceptable results. After using it for a while though I noticed some problems. There were artifacts sometimes present at the top edge of images. After some investigating this is caused by the image height not being a factor of 8 since Jpeg works on 8x8 chunks the transparency information would get mixed in with the color information causing it to have a slim but noticeable artifact. Version 2 fixes the problems as well as provides some performance improvements. The tool set provided though is different from the first version as their is more than just a converter, a viewer, and the library. This version also utilizes a valid Jpeg header and Magic making it view-able in some applications that natively support Jpeg  (like Google Chrome, Ms Paint, etc) just that the image will not appear as intended.

======================================================================

Original TransparentJPG: POST

======================================================================

Download: MEGA

======================================================================

Inside the rar container are several executables and a DLL.

PrependTransparentJpgHeader.exe - Adds the proper Magic/Header information to normal Jpg file.    This is used after converting the Master to Jpeg.

TJPG.ico - The icon used for the format.

ToTransparentJpg.exe - A ease of use tool to convert from PNG straight to Tjpg without all the hassle of using the other files.

ToTransparentJpgMaster.exe - Used to output the image used to construct the Tjpg. The output image is in BMP format and can be converted via any tool/method you choose.

TransparentJPG.dll - The library to integrate TransparentJpg2 into your .Net programs.

TransparentJpgToPng.exe - Converts from Tjpg format to Png format.

TransparentJpgViewer.exe - Tool used to view Tjpg files.

======================================================================

Usage: You are free to use the ToTransparentJpg.exe if you want something quick and simple. But if you want more control you would either use the TransparentJPG.dll if you are a .Net programmer or use the provided tools in the following order.

1) Drag and Drop your Png image over ToTransparentJpgMaster.exe - It will produce a Bmp file that calculates and places the color and alpha in the proper place for when the Master is converted to Jpg. You are free to modify the Master in its Bmp state as you like.

2) Convert the Master Bmp to Jpeg anyway you choose - the reason this step is included is so people can use their own method of conversion with filters and smoothing and quality settings, as well as their choice of Jpeg encoder.

3) Turn the Master Jpg to Tjpg by Drag and Drop over PrependTranparentJpgHeader.exe - This will prepend the proper Magic/Header and save a new Tjpg file.

Here you can see some comparisons:
PNG vs TJPG2



TJPG vs TJPG2