Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

when does a byte not equal a byte...

Posted on 2011-09-29
11
Medium Priority
?
336 Views
Last Modified: 2012-05-12
I have the code block in my application.
my application has been running for years.
the code works, EXCEPT (as I discovered today) when the code being encrypted/decrypted is 7 characters long and contains a 'y'.  in that case, the 'y' is changed to an '8', so the strings don't match.
as in 'maybeso' will not work, but 'maybenot' does.

Talk about wonky.
any ideas?
Current code is in Delphi 2010, running in windows 64 bit.

function EncryptStr(aStr : string) : string;
var
  i : integer;
  aString : string;
  aResult : string;
begin
   result := '';
   aString := aStr;
   for i := 1 to Length(aString) do
      aresult := aResult + ConnieEncrypt(aString[i], Length(aString));
   result := aResult;
end;
function ConnieEncrypt(aStr : char; aBit : integer) : char;
begin
   result := chr(byte(ord(aStr)) + aBit);
end;
function ConnieDecrypt(aStr : char; aBit : integer) : char;
begin
   result := Chr(byte(ord(aStr)) - aBit);
end;
function DecryptStr(aStr : string) : string;
var
  i : integer;
  aString : string;
  aResult : string;
begin
   result := '';
   aString := aStr;
   for i := 1 to length(aString) do
      aresult := aResult + ConnieDecrypt(aString[i],length(aString));
   result := aResult;
end;

Open in new window

0
Comment
Question by:Connie McBride
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 25

Expert Comment

by:epasquier
ID: 36816669
that is not such a good idea to do that like that, you have too little control of how is managed the overlap of byte values to Char valid range. All the more if UNICODE Chars are concerned, like in your case.

a) do you need UNICODE chars or plain ANSI (ASCII) ?
b) will it be OK if you have #0 values in your string ?
function EncryptStr(aStr : ANSIString; Shift:Integer=0) : ANSIString;
var
 i:integer;
begin
 if Shift=0 Then Shift:=Length(aStr);
 for i:=1 to Length(aStr) do aStr[i]:=ANSIChar((Byte(aStr[i])+Shift) And $FF));
 Result:=aStr;
end;


function DecryptStr(aStr : ANSIString; Shift:Integer=0) : ANSIString;
begin
 if Shift>0 Then Shift:=-Shift;
 if Shift=0 Then Shift:=-Length(aStr);
 Result:=EncryptStr(aStr,Shift);
end;

Open in new window

0
 

Author Comment

by:Connie McBride
ID: 36816756
it's used daily, but lightly.
I think I hit something bizarre in my project that I can't find, because my test app, which uses the exact  same function from the exact same field, is working fine with the exact same values.

It's just a plain text field.  Don't need anything special about it - other than it be encrypted when stored to the database.

0
 
LVL 101

Expert Comment

by:mlmcc
ID: 36816860
Is this to compare passwords?

How is the password stored?
I assume encrypted.

WHy not just encrypt and compare the encrypted strings.

ANother would be to just append a blank to the end if it  characters and encrypt that.

mlmcc
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 25

Expert Comment

by:epasquier
ID: 36816885
'y' + 7 goes directly to #128 and therefore is subject to UNICODE translation. That is why I asked if you needed UNICODE strings.
I suspect you'll have also problems with 'z' in a 6 char string
like 'zorro!'
can you try ?
0
 

Author Comment

by:Connie McBride
ID: 36816921
It is.
and the encrypted strings are stored in the database.
As I said, been in place for over a decade.

here is what is happening:
in my 'big' app, maybeso encrypts to :
'th?ilzv'
in my test app, it encrypts to :
th¿ilzv

only difference I can see is the components (and to remove that as a 'factor', I added code to store the text from the component into a string in my big app), and get same bad result.

0
 

Author Comment

by:Connie McBride
ID: 36816946
epasquier is correct.
zorro works. zzzzzz does not.
returns 9.
so, how do I fix that?
0
 
LVL 25

Expert Comment

by:epasquier
ID: 36817009
here is the result of Crypting / Decrypting with 'maybeso'

Encrypt :
109
97
121
98
101
115
111
> th¿ilzv
116
104
128
105
108
122
118
< maybeso
109
97
121
98
101
115
111

Open in new window


As you can see the encrypted string gives 'th¿ilzv' , 6 characters only. When I decrypt it immediately, eveuthing is ok. I suspect of course the y that transforms to #128, which is probably interpreted in UNICODE strings as a NUL character. If you use it that string a bit between encrypt and decrypt, it might be that this char is lost.
Here what it would give to decrypt 'thilzv' without the mysterious char : 'nbcftp' .
0
 
LVL 25

Expert Comment

by:epasquier
ID: 36817021
you should save the encrypted string as an array of byte. That is the only way to be sure that your DB will not convert anything when storing. And that no unwanted or uncontrolled translation occurs in Delphi  either.
0
 
LVL 25

Accepted Solution

by:
epasquier earned 2000 total points
ID: 36817044
or, again, use my functions (small type error, a ')' is too much in EncryptStr.

I tested, work fine with 'maybeso', and will surely be good enough to a very week encryption such as this

maybeso <==> th€ilzv

Open in new window

function EncryptStr(aStr : ANSIString; Shift:Integer=0) : ANSIString;
var
 i:integer;
begin
 if Shift=0 Then Shift:=Length(aStr);
 for i:=1 to Length(aStr) do aStr[i]:=ANSIChar((Byte(aStr[i])+Shift) And $FF);
 Result:=aStr;
end;


function DecryptStr(aStr : ANSIString; Shift:Integer=0) : ANSIString;
begin
 if Shift>0 Then Shift:=-Shift;
 if Shift=0 Then Shift:=-Length(aStr);
 Result:=EncryptStr(aStr,Shift);
end;

Open in new window

0
 
LVL 101

Expert Comment

by:mlmcc
ID: 36817070
May also have trouble with
x's in an 8 character word, w's in a 9 character word, etc

mlmcc
0
 

Author Closing Comment

by:Connie McBride
ID: 36817343
Awesome.  even works with existing passwords.
I know it's 'weak', but in this particular case, has to work on an unencrypted database without showing up in search screens, reports, and the like.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you how to use the Windows Speech API in Delphi. I will only cover basic functions such as text to speech and controlling the speed of the speech. SAPI Installation First you need to install the SAPI type library, th…
In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question