Solved

when does a byte not equal a byte...

Posted on 2011-09-29
11
327 Views
Last Modified: 2012-05-12
I have the code block in my application.
my application has been running for years.
the code works, EXCEPT (as I discovered today) when the code being encrypted/decrypted is 7 characters long and contains a 'y'.  in that case, the 'y' is changed to an '8', so the strings don't match.
as in 'maybeso' will not work, but 'maybenot' does.

Talk about wonky.
any ideas?
Current code is in Delphi 2010, running in windows 64 bit.

function EncryptStr(aStr : string) : string;
var
  i : integer;
  aString : string;
  aResult : string;
begin
   result := '';
   aString := aStr;
   for i := 1 to Length(aString) do
      aresult := aResult + ConnieEncrypt(aString[i], Length(aString));
   result := aResult;
end;
function ConnieEncrypt(aStr : char; aBit : integer) : char;
begin
   result := chr(byte(ord(aStr)) + aBit);
end;
function ConnieDecrypt(aStr : char; aBit : integer) : char;
begin
   result := Chr(byte(ord(aStr)) - aBit);
end;
function DecryptStr(aStr : string) : string;
var
  i : integer;
  aString : string;
  aResult : string;
begin
   result := '';
   aString := aStr;
   for i := 1 to length(aString) do
      aresult := aResult + ConnieDecrypt(aString[i],length(aString));
   result := aResult;
end;

Open in new window

0
Comment
Question by:ccMcBride
  • 5
  • 4
  • 2
11 Comments
 
LVL 25

Expert Comment

by:epasquier
ID: 36816669
that is not such a good idea to do that like that, you have too little control of how is managed the overlap of byte values to Char valid range. All the more if UNICODE Chars are concerned, like in your case.

a) do you need UNICODE chars or plain ANSI (ASCII) ?
b) will it be OK if you have #0 values in your string ?
function EncryptStr(aStr : ANSIString; Shift:Integer=0) : ANSIString;
var
 i:integer;
begin
 if Shift=0 Then Shift:=Length(aStr);
 for i:=1 to Length(aStr) do aStr[i]:=ANSIChar((Byte(aStr[i])+Shift) And $FF));
 Result:=aStr;
end;


function DecryptStr(aStr : ANSIString; Shift:Integer=0) : ANSIString;
begin
 if Shift>0 Then Shift:=-Shift;
 if Shift=0 Then Shift:=-Length(aStr);
 Result:=EncryptStr(aStr,Shift);
end;

Open in new window

0
 

Author Comment

by:ccMcBride
ID: 36816756
it's used daily, but lightly.
I think I hit something bizarre in my project that I can't find, because my test app, which uses the exact  same function from the exact same field, is working fine with the exact same values.

It's just a plain text field.  Don't need anything special about it - other than it be encrypted when stored to the database.

0
 
LVL 100

Expert Comment

by:mlmcc
ID: 36816860
Is this to compare passwords?

How is the password stored?
I assume encrypted.

WHy not just encrypt and compare the encrypted strings.

ANother would be to just append a blank to the end if it  characters and encrypt that.

mlmcc
0
 
LVL 25

Expert Comment

by:epasquier
ID: 36816885
'y' + 7 goes directly to #128 and therefore is subject to UNICODE translation. That is why I asked if you needed UNICODE strings.
I suspect you'll have also problems with 'z' in a 6 char string
like 'zorro!'
can you try ?
0
 

Author Comment

by:ccMcBride
ID: 36816921
It is.
and the encrypted strings are stored in the database.
As I said, been in place for over a decade.

here is what is happening:
in my 'big' app, maybeso encrypts to :
'th?ilzv'
in my test app, it encrypts to :
th¿ilzv

only difference I can see is the components (and to remove that as a 'factor', I added code to store the text from the component into a string in my big app), and get same bad result.

0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:ccMcBride
ID: 36816946
epasquier is correct.
zorro works. zzzzzz does not.
returns 9.
so, how do I fix that?
0
 
LVL 25

Expert Comment

by:epasquier
ID: 36817009
here is the result of Crypting / Decrypting with 'maybeso'

Encrypt :
109
97
121
98
101
115
111
> th¿ilzv
116
104
128
105
108
122
118
< maybeso
109
97
121
98
101
115
111

Open in new window


As you can see the encrypted string gives 'th¿ilzv' , 6 characters only. When I decrypt it immediately, eveuthing is ok. I suspect of course the y that transforms to #128, which is probably interpreted in UNICODE strings as a NUL character. If you use it that string a bit between encrypt and decrypt, it might be that this char is lost.
Here what it would give to decrypt 'thilzv' without the mysterious char : 'nbcftp' .
0
 
LVL 25

Expert Comment

by:epasquier
ID: 36817021
you should save the encrypted string as an array of byte. That is the only way to be sure that your DB will not convert anything when storing. And that no unwanted or uncontrolled translation occurs in Delphi  either.
0
 
LVL 25

Accepted Solution

by:
epasquier earned 500 total points
ID: 36817044
or, again, use my functions (small type error, a ')' is too much in EncryptStr.

I tested, work fine with 'maybeso', and will surely be good enough to a very week encryption such as this

maybeso <==> th€ilzv

Open in new window

function EncryptStr(aStr : ANSIString; Shift:Integer=0) : ANSIString;
var
 i:integer;
begin
 if Shift=0 Then Shift:=Length(aStr);
 for i:=1 to Length(aStr) do aStr[i]:=ANSIChar((Byte(aStr[i])+Shift) And $FF);
 Result:=aStr;
end;


function DecryptStr(aStr : ANSIString; Shift:Integer=0) : ANSIString;
begin
 if Shift>0 Then Shift:=-Shift;
 if Shift=0 Then Shift:=-Length(aStr);
 Result:=EncryptStr(aStr,Shift);
end;

Open in new window

0
 
LVL 100

Expert Comment

by:mlmcc
ID: 36817070
May also have trouble with
x's in an 8 character word, w's in a 9 character word, etc

mlmcc
0
 

Author Closing Comment

by:ccMcBride
ID: 36817343
Awesome.  even works with existing passwords.
I know it's 'weak', but in this particular case, has to work on an unencrypted database without showing up in search screens, reports, and the like.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Creating an auto free TStringList The TStringList is a basic and frequently used object in Delphi. On many occasions, you may want to create a temporary list, process some items in the list and be done with the list. In such cases, you have to…
Hello everybody This Article will show you how to validate number with TEdit control, What's the TEdit control? TEdit is a standard Windows edit control on a form, it allows to user to write, read and copy/paste single line of text. Usua…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now