Solved

when does a byte not equal a byte...

Posted on 2011-09-29
Last Modified: 2012-05-12
I have the code block in my application.
My application has been running for years.
The code works, EXCEPT (as I discovered today) when the code being encrypted/decrypted is 7 characters long and contains a 'y'. In that case, the 'y' is changed to an '8', so the strings don't match.
As in, 'maybeso' will not work, but 'maybenot' does.

Talk about wonky.
Any ideas?
Current code is in Delphi 2010, running in Windows 64-bit.

function EncryptStr(aStr : string) : string;
var
  i : integer;
  aString : string;
  aResult : string;
begin
   result := '';
   aString := aStr;
   for i := 1 to Length(aString) do
      aresult := aResult + ConnieEncrypt(aString[i], Length(aString));
   result := aResult;
end;
function ConnieEncrypt(aStr : char; aBit : integer) : char;
begin
   result := chr(byte(ord(aStr)) + aBit);
end;
function ConnieDecrypt(aStr : char; aBit : integer) : char;
begin
   result := Chr(byte(ord(aStr)) - aBit);
end;
function DecryptStr(aStr : string) : string;
var
  i : integer;
  aString : string;
  aResult : string;
begin
   result := '';
   aString := aStr;
   for i := 1 to length(aString) do
      aresult := aResult + ConnieDecrypt(aString[i],length(aString));
   result := aResult;
end;

Question by:Connie McBride
11 Comments
 
LVL 25

Expert Comment

by:epasquier
ID: 36816669
It is not such a good idea to do it like that: you have too little control over how the overlap of byte values to the valid Char range is managed. All the more so if UNICODE Chars are concerned, like in your case.

a) do you need UNICODE chars or plain ANSI (ASCII) ?
b) will it be OK if you have #0 values in your string ?
function EncryptStr(aStr : ANSIString; Shift:Integer=0) : ANSIString;
var
 i:integer;
begin
 if Shift=0 Then Shift:=Length(aStr);
 for i:=1 to Length(aStr) do aStr[i]:=ANSIChar((Byte(aStr[i])+Shift) And $FF));
 Result:=aStr;
end;


function DecryptStr(aStr : ANSIString; Shift:Integer=0) : ANSIString;
begin
 if Shift>0 Then Shift:=-Shift;
 if Shift=0 Then Shift:=-Length(aStr);
 Result:=EncryptStr(aStr,Shift);
end;


0
 

Author Comment

by:Connie McBride
ID: 36816756
it's used daily, but lightly.
I think I hit something bizarre in my project that I can't find, because my test app, which uses the exact  same function from the exact same field, is working fine with the exact same values.

It's just a plain text field.  Don't need anything special about it - other than it be encrypted when stored to the database.

0
 
LVL 101

Expert Comment

by:mlmcc
ID: 36816860
Is this to compare passwords?

How is the password stored?
I assume encrypted.

Why not just encrypt and compare the encrypted strings?

Another would be to just append a blank to the end if it characters and encrypt that.

mlmcc
0

 
LVL 25

Expert Comment

by:epasquier
ID: 36816885
'y' + 7 goes directly to #128 and therefore is subject to UNICODE translation. That is why I asked if you needed UNICODE strings.
I suspect you'll also have problems with 'z' in a 6-char string like 'zorro!'.
Can you try?
0
 

Author Comment

by:Connie McBride
ID: 36816921
It is.
and the encrypted strings are stored in the database.
As I said, been in place for over a decade.

here is what is happening:
in my 'big' app, maybeso encrypts to :
'th?ilzv'
in my test app, it encrypts to :
th¿ilzv

only difference I can see is the components (and to remove that as a 'factor', I added code to store the text from the component into a string in my big app), and get same bad result.

0
 

Author Comment

by:Connie McBride
ID: 36816946
epasquier is correct.
zorro works. zzzzzz does not.
returns 9.
so, how do I fix that?
0
 
LVL 25

Expert Comment

by:epasquier
ID: 36817009
here is the result of Crypting / Decrypting with 'maybeso'

Encrypt :
109
97
121
98
101
115
111
> th¿ilzv
116
104
128
105
108
122
118
< maybeso
109
97
121
98
101
115
111



As you can see, the encrypted string gives 'th¿ilzv', 6 characters only. When I decrypt it immediately, everything is OK. I suspect, of course, the y that transforms to #128, which is probably interpreted in UNICODE strings as a NUL character. If you use that string a bit between encrypt and decrypt, it might be that this char is lost.
Here is what decrypting 'thilzv' without the mysterious char would give: 'nbcftp'.
0
 
LVL 25

Expert Comment

by:epasquier
ID: 36817021
You should save the encrypted string as an array of byte. That is the only way to be sure that your DB will not convert anything when storing, and that no unwanted or uncontrolled translation occurs in Delphi either.
0
 
LVL 25

Accepted Solution

by:
epasquier earned 2000 total points
ID: 36817044
Or, again, use my functions (small typo: there is one ')' too many in EncryptStr).

I tested, it works fine with 'maybeso', and will surely be good enough for a very weak encryption such as this.

maybeso <==> th€ilzv


function EncryptStr(aStr : ANSIString; Shift:Integer=0) : ANSIString;
var
 i:integer;
begin
 if Shift=0 Then Shift:=Length(aStr);
 for i:=1 to Length(aStr) do aStr[i]:=ANSIChar((Byte(aStr[i])+Shift) And $FF);
 Result:=aStr;
end;


function DecryptStr(aStr : ANSIString; Shift:Integer=0) : ANSIString;
begin
 if Shift>0 Then Shift:=-Shift;
 if Shift=0 Then Shift:=-Length(aStr);
 Result:=EncryptStr(aStr,Shift);
end;


0
 
LVL 101

Expert Comment

by:mlmcc
ID: 36817070
May also have trouble with
x's in an 8 character word, w's in a 9 character word, etc

mlmcc
0
 

Author Closing Comment

by:Connie McBride
ID: 36817343
Awesome.  even works with existing passwords.
I know it's 'weak', but in this particular case, has to work on an unencrypted database without showing up in search screens, reports, and the like.
0
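
The failure discussed in this thread, modelled as an added example (not code from any poster): the original per-character shift held in a Unicode string versus the accepted answer's byte-wise shift. It assumes that somewhere between encrypt and decrypt the text is converted to Windows-1252 with '?' substituted for unmappable characters, which matches the reported 'th?ilzv'; all function names are hypothetical.

```python
# Added example (not code from the thread). Assumption: between encrypt and
# decrypt the text is converted to Windows-1252, and characters with no
# mapping become '?', as in the 'th?ilzv' value reported above.

# Bytes Windows-1252 leaves undefined; Windows maps them to the same code point.
PASS_THROUGH = {0x81, 0x8D, 0x8F, 0x90, 0x9D}

def to_ansi_and_back(text: str) -> str:
    """Model the lossy Unicode -> Windows-1252 -> Unicode storage round trip."""
    out = []
    for ch in text:
        if ord(ch) in PASS_THROUGH:
            out.append(ch)
        else:
            out.append(ch.encode("cp1252", errors="replace").decode("cp1252"))
    return "".join(out)

def legacy_shift(text: str, shift: int) -> str:
    """The question's approach: shift the low byte, keep the result as a Unicode char."""
    return "".join(chr(((ord(ch) & 0xFF) + shift) & 0xFFFF) for ch in text)

def legacy_roundtrip(plain: str) -> str:
    n = len(plain)
    return legacy_shift(to_ansi_and_back(legacy_shift(plain, n)), -n)

def bytewise_shift(data: bytes, shift: int) -> bytes:
    """The accepted answer's approach: shift raw bytes modulo 256."""
    return bytes((b + shift) & 0xFF for b in data)

def bytewise_roundtrip(plain: str) -> str:
    n = len(plain)
    stored = bytewise_shift(plain.encode("cp1252"), n)  # stays a byte string
    return bytewise_shift(stored, -n).decode("cp1252")

def lossy_char_for_length(n: int) -> str:
    """Plaintext character that lands exactly on U+0080 in an n-character string."""
    return chr(0x80 - n)

if __name__ == "__main__":
    # Sample words taken from the thread's discussion.
    for word in ("maybeso", "maybenot", "zorro", "zzzzzz"):
        print(word, "->", legacy_roundtrip(word), "|", bytewise_roundtrip(word))
```

U+0080 has no Windows-1252 byte (0x80 is '€' there), so the substituted '?' (63) decrypts to '8' for length 7 and '9' for length 6, while the byte-wise version never leaves the 0..255 range.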
