>got it ! very simple and effective ... thanks !
simple yes effective (at keeping people out of your file) not really. I am sorry if I am just geting on your nervs here but it is one of my pet peves, the ues of XOR as an effective encryptin algo... if you are really intrested I can show you how to brake this with a pencel and paper ... any way I guess that if you just want to stop kids this is fine but for any thing real do not ues it.

of cores you would never ues only one byte for a key even if you had a very srtong algorithim if you ues a one byte key it will be uesless, but if you are only uesing xor loop as the algo then it dose not matter how long the key it can be cracked in less time then it would take to try even 255 keys

Sorry I am probly just going on and on about this and you do not care so I will shut up now



Edited by - Validus on December 6, 2001 10:24:35 PM

quote:

---

Original post by Anonymous Poster
Does Microsoft Windows have some kind of built-in cryptography API
interface? Something that can make a program anti-patch proof?

---

Windows does not, because strong crypto was (until recently) considered munitions in the US, and hence was under strong export restrictions.

With the current anti-crypto political situation in the US, this state of affairs may well be coming back. So, it wouldn''t be a very good idea to ship crypto in windows.

No Validus, you''re not getting on my nervs at all ! I''m very interested about this topic and i appreciate your consideration and help.

glHorizon_Project



www.web-discovery.net

Ok since you are intersted I will explane how this works.

As KinkaJoy said the fact that it is symmetrical makes it east to ues (same function to encrypt and decrypt ) but it also make it easy to brake with a (plain text atack) If you know a few bytes of the plain text(unencrypted data), which it easy to get (.3ds files will have a knowen main chunck, and the vertion chunk is knowen most file types have a knowen hedder that can be uesed for the plain text) you can get the key out of it.

as was allready said the way the encrypting works is
let P by the plain text block C ciphertext block and let K be the key

P ^ K = C (encryption)
and
C ^ K = P (decryption)

but if you know a little bit of plain text
P ^ C = K (now I know the key and can decrypt the rest of the file)

so this is not a strong algorichim at all, but you would be suprised how many large programs ues this to "password protect" there files (word, wp, winzip, ect..)

I would sugest uesing a proven aglorithim if you are really intrested in pertecting you files DES is good it has be studed by many goverments and indvideules for nearly 30 years and there is still no atack better then brute force (trying every key till they guees the right one) it only ueses a 40 bit key so it can be brutforsed, but you can ues triple DES witch you simpley encryptc it with one key then Decryprt it with a second key then lastly encrypt it once more with a 3rd key(do not ues the same key or it is no different then encrypting it once ) now it has all the streangth of DES but ues a 120 bit key. Blowfish is another good algorithim to ues, it is farly simple to ues and there is no knowen atack better then bruteforce knowen for it. This is the company that is owned by the guy that made blowfish http://www.counterpane.com/ there are a lot of good info about it there(any cryptogrophy in general). Or if you just want a libary to do this check out Crypto++ http://www.eskimo.com/~weidai/cryptlib.html

Hope this helps you out,
>>Josh<<

Edited by - Validus on December 7, 2001 1:46:28 PM

DES can be brute-forced in about 3.5 hours with specialized hardware (very expensive hardware). Triple-DES would take more than a (1 billion^3) years on the same hardware. Not bad, eh?

Of course, I should point out that triple-DES breaks down if some (or all) of the three keys are the same, so ensure that they are different.

If you think DES or Triple DES is interesting, here''s a tutorial on implementing it yourself: http://www.abisoft.net/des.html

Of course, actually doing this in your case would be amazing overkill, since this will make your images load slower, and people will just grab screenshots regardless if they really want the picture.

I''d probably just do an XOR at most in your situation.

Found it:

crypt32.dll

CryptoAPI Cryptographic Functions
The Microsoft® Cryptographic API (CryptoAPI) provides services that enable application developers to add cryptography and certificate management functionality to their Win32® applications.


Now I just have to learn how to use it.

This would be cool if I could anti-patch my program.

Does anyone have any other resources that they know of? The sites posted were helpfull, but I''m interested if anyone knows of any other good sites.

I would *never* trust a crypto lib written by Microsoft...

quote:

---

Original post by Anonymous Poster
I would *never* trust a crypto lib written by Microsoft...

---

Nor would I.

I make an encryption thing once. It used the random number generator to do it. It was something like:

void en(void *data,unsigned long size, unsigned long seed){ srand(seed); for(unsigned long p = 0; p < size; p++) { ((unsigned char *)data)[p] ^= (rand()%(0xff)) }}

Slightly more complex, probably not perfect, though. I''d like to see other ideas for it, even though it has little to do with OpenGL.

You could also use compression on it, so not only would it be un readable, the sizes wouldn''t match up. That would through the snoops off the trail. Although I think that as long as you can try any seed to decrypt it, you can always break it with a brute force algorithm.

What you posted is a very simler to a onetime pad witch is the only algorighim that can not be broken with anything better then a bruteforse attack (I think correct my if I am wrong) however this only holds true if and only if the random number generator is truely random (witch the rand function is far from) in fact most crypto systems are attacked at the random number gen not the algorithim. So in basicly to make this really scure then you would need to gave it random data == in length to the data as a key, since any algorithim that you can give it a seed value and know the random bits that will be perdused will not be scure (The acual attack is beond my level mathatical understanding but I know that it is not that hard).

as for compresing it that will not do much since there is very little pattern in and encrypted file, in fact that that is a way to tell if a file is encrypted, compress it if it dose not reduse in size much then it is mose likle encrypted(or allready compresed ).

Any way I don''t want to sound like a curmudgen (to late ) but you really are best to stick with a proven algrothim (DES Blowfish, ect.. )