Dev C++ Encryption Program

I would like to encrypt some documents using an encryption program that I made, to be completely sure of its reliability and trustworthiness. However, I have no idea on where to start, what determines how difficult it is to create a strong algorithm or anything of the kind. I would imagine it is not extremely complex to code?
How can you be completely sure about your code's reliability when, by your own admission, you don't know the first thing about encryption?

I have no idea on where to start, what determines how difficult it is to create a strong algorithm or anything of the kind. I would imagine it is not extremely complex to code?
Considering trained cryptographers do this for a living and old algorithms that were once thought to be secure are continuously discarded due to vulnerabilities in their design, I would say designing a secure encryption algorithm is pretty damn difficult.
Implementing a known algorithm is easier, but it's still something that should be avoided.

Just use existing software. Implementing an encryption algorithm by yourself is a last resort when you know what you're doing. If you don't know what you're doing, it's completely out of the question.
a015,

I agree with helios but if cryptography is something you may be interested in you could start by reading the following:
Handbook of Applied Cryptography
http://www.cacr.math.uwaterloo.ca/hac/
(all chapters are available for free download from the link).
closed account (48T7M4Gy)
to be completely sure of its reliability and trustworthiness

It's sound advice to learn about cryptography for a couple of reasons.

It's obviously an interest of yours to write your own encryption software, and why not.

If you understand the technology you will be able to assess any off-the-shelf software in a better informed way. There is nothing to say buying the software is any more reliable, possibly less reliable, than DIY. Most COMSEC organisations write their own.

Besides, if you get somebody to test the software you have written, why trust them? Avoid the descent into the 'William Angleton hall of mirrors' syndrome.

There are numerous ways of coming up with the perfect encryption system and a text like the one above will show you.

At worst, a one-time pad will do the job. Nobody but you will ever crack it. (And that's without even considering whether your documents are so important that the best computers in the world are going to be set whirring around in deciphering them.)
Another book I was going to recommend:
Modern Cryptanalysis: Techniques for Advanced Code Breaking
by Christopher Swenson

Starting with Cryptanalysis may be better than jumping straight into cryptography as a whole as it will give you the tools needed to assess the quality of your (and others') work.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


There are numerous ways of coming up with the perfect encryption system
I would disagree with that, if it were true we would have a perfect encryption system and wouldn't need any other and this is clearly not the case. The best you could hope for is a very good encryption system with many people reviewing it and trying to break it.
closed account (48T7M4Gy)
I would disagree with that, if it were true we would have a perfect encryption system and wouldn't need any other and this is clearly not the case. The best you could hope for is a very good encryption system with many people reviewing it and trying to break it.


Only disagree when you have the expertise to absolutely know what you are talking about. A one time pad is not decipherable, by definition and by mathematical proof in accordance with well-based information theory.

If you meant to say there are inherent difficulties with the practical use of and security surrounding OTP's then that might be true depending on a lot of external factors.

Also the defense-in-depth security principles surrounding encryption systems of all sorts, particularly in major/significant financial, government and military situations render the selection of encryption systems virtual perfection simply on the basis of time, detection and resource availability for deciphering. Only a naive approach to security relies on one measure alone however good or bad it is.

Further, the more people, trusted or otherwise, reviewing a system may present an unintended vulnerability all on its own by drawing unwanted attention to its existence just for a start. There are numerous reasons why that idea is extended by way of compartmentalization in a secure environment.
I'm talking complete systems (cryptosystem) not a single algorithm. OTP has perfect secrecy but is far from being a 'perfect' system. Problems with generating a truly random pad, secure generation/exchange/storage of the key, and such means that the cryptosystem is not perfect.


Further, the more people, trusted or otherwise, reviewing a system may present an unintended vulnerability all on its own by drawing unwanted attention to its existence just for a start.
'may present an unintended vulnerability' that is the point, security through obscurity is not very good. Hoping you haven't made a mistake and that your encryption slips under the radar of others would not be a good way forward. I'm not saying that it should be opened up to the world but if the encryption is good it needs to stand up to the scrutiny of peer review.
closed account (48T7M4Gy)
that is the point


But what is your point exactly? All I am responding to is you have made a bald statement that there are no perfect systems and yet there is at least one, the classic one.

For all I know there are hundreds, perhaps thousands. There are many that for all intents and purposes are not able to be practically defeated, and of those that are defeated, that fact is unlikely to be advertised openly. (Quantum cryptography is claimed to be perfect - well, until Einstein is vindicated.)

If you are talking complete systems - using a narrow cryptosystem perspective - then OTP is one. Applied properly, it can't be defeated by cryptographic and sheer luck doesn't count because it is more than reasonably likely unrepeatable.

There is no problem generating a random OTP pad, none whatsoever. OTP's rely on that almost totally and it's not hard to achieve because it's only used once. The Zimbabwe telephone book is good enough. Use the Ecuador one for the following message.

Handling and security of the key is an 'externality' which is impacted by the defence-in-depth and OTP's depend on it as much as any other cryptosystem does. Protection of the key (public and/or private) is a vulnerability of any system, just the same as someone looking over our shoulder would be, or losing an Enigma machine was.

I'm not saying to open it up to the world and that is why I referred to compartmentalization. Obviously you don't have experience in a secure environment because even peers could be a vulnerability.

But on the other hand public key encryption algorithms are freely available anywhere and to anyone on the face of the planet which is better going than an OTP system as totally perfect as a crypto-system as it is.

Interesting points you raise but we should now ask the OP why encrypting his/her documents is so important. What is there to hide?
First 'that is the point' relates to a different part of the discussion. The part where you are suggesting that peer review (I know, my words not yours) 'may present an unintended vulnerability', the point being that peer review should be used to identify potential vulnerabilities before they are discovered in the wild.

So back to my 'bald statement that there are no perfect systems', I actually disagreed with your claim that 'there are numerous ways of coming up with the perfect encryption system' but that is just splitting hairs.

A cryptosystem (as I understand it) is the groups of cryptographic algorithms needed to implement a security service (such as file encryption). The minimum would be key generation, encryption and decryption.

As I said OTP has perfect secrecy, with only the cyphertext you will not be able to brute force it, however there is (as far as I'm aware) an issue with a true random key generator, meaning that it would not be a perfect cryptosystem.
You could use the telephone book as a key but it would not be a true random key. You would just need to know 'Zimbabwe telephone book' to have the full key. A proper key for OTP would not be able to be recreated, you either have it or you don't.

If you want to look at complete systems - using a broader perspective - then OTP is even worse as handling the key becomes more of an issue.

If you want to look at OTP as narrowly as possible then, yes it is perfect but not very practical.

So now what do we have...
I'm not saying to open it up to the world and that is why I referred to compartmentalization.
Well I didn't say that you did say that. Compartmentalization is great. Keep the information restricted to persons or other entities who need to know. I just hope that if you are involved in designing cryptosystems your compartment is bigger than just you.

Obviously you don't have experience in a secure environment because even peers could be a vulnerability.
That's just a stupid assumption.

Edit:
Not only is it a stupid assumption but you are again trying to imply that I said something that I didn't.

closed account (48T7M4Gy)
That's just a stupid assumption.
It was no assumption.
http://davidmarkbrownwrites.com/wp-content/uploads/2012/06/digging_a_hole.jpg
What's your problem?

Handling and security of the key is an 'externality'
Where have you worked where they think this is a sensible idea?

OTP's depend on it as much as any other cryptosystem does. Protection of the key (public and/or private) is a vulnerability of any system
But securing a key that's the same length as the message is obviously more difficult than securing a small key. If you have a method to securely communicate/store such a key, why are you not simply using that method for the message?
closed account (48T7M4Gy)
But securing a key that's the same length as the message is obviously more difficult than securing a small key.
The key might actually be longer than the message especially if it's the Zimbabwe telephone book and the message is just "This is getting boring".
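
The two one-time-pad properties argued over in this thread, as an added C++ example that is not code from any poster: ciphertext alone is consistent with every same-length plaintext, and using one pad for a second message exposes the XOR of the two plaintexts. The function names and sample messages are constructed for illustration, and `std::random_device` is assumed to be backed by the operating system's entropy source.

```cpp
#include <cstdint>
#include <iostream>
#include <random>
#include <stdexcept>
#include <string>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

Bytes to_bytes(const std::string& s) { return Bytes(s.begin(), s.end()); }

// Draw n pad bytes. Assumption: std::random_device is backed by the OS
// entropy source on this platform; the C++ standard does not guarantee it.
Bytes make_pad(std::size_t n) {
    std::random_device rd;
    Bytes pad(n);
    for (auto& b : pad) b = static_cast<std::uint8_t>(rd() & 0xFF);
    return pad;
}

// XOR two equal-length buffers. With a pad this is both encrypt and decrypt.
Bytes xor_bytes(const Bytes& a, const Bytes& b) {
    if (a.size() != b.size()) throw std::invalid_argument("length mismatch");
    Bytes out(a.size());
    for (std::size_t i = 0; i < a.size(); ++i)
        out[i] = static_cast<std::uint8_t>(a[i] ^ b[i]);
    return out;
}

// Perfect secrecy: for any same-length guess there is a pad that "decrypts"
// the ciphertext to it, so the ciphertext alone cannot confirm any guess.
Bytes pad_explaining(const Bytes& ciphertext, const Bytes& guess) {
    return xor_bytes(ciphertext, guess);
}

// Pad reuse: the pad cancels out and the XOR of the plaintexts is exposed.
Bytes reuse_leak(const Bytes& c1, const Bytes& c2) { return xor_bytes(c1, c2); }

int main() {
    Bytes p1 = to_bytes("MEET AT NOON"), p2 = to_bytes("STAY AT HOME");  // constructed
    Bytes pad = make_pad(p1.size());
    Bytes c1 = xor_bytes(p1, pad);
    Bytes other_pad = pad_explaining(c1, p2);
    std::cout << "alternate pad yields p2: " << (xor_bytes(c1, other_pad) == p2) << "\n";
    Bytes c2 = xor_bytes(p2, pad);  // the mistake: same pad, second message
    std::cout << "c1^c2 == p1^p2: " << (reuse_leak(c1, c2) == xor_bytes(p1, p2)) << "\n";
}
```

A pad taken from a published text such as a telephone book makes the same XOR operation work, but the pad bytes are then reproducible by anyone who identifies the text, which is the objection raised above.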