Re: Avoiding string break...



Correction:

The advantage of RC4 is that if you have a string of 5 octets before encryption, you only need to send and receive 5 octets.






----- Original Message ----
From: Piscium <groknok yahoo ie>
To: gtkmm-list gnome org
Sent: Sat, 8 May, 2010 17:12:36
Subject: Re: Avoiding string break...

Hi Glus,

To be honest I do not have the time to go through your example, and it seems to me that your questions are a bit outside the scope of the forum. They are C++ questions more than they are gtkmm!

But in any case, just a quick thought - a shot in the dark. 

As you probably know AES is a block encryption standard. The block size is 16 octets. This means that if you have a string whose length is not a multiple of 16, you have to pad it (for example with zeros) before encryption. Moreover you always need to transmit the encrypted block whose length will be a multiple of 16.

So a possible bug (a shot in the dark) would be if you encrypt a string of 5 octets, and send 5 octets. What you will get on the other side will be garbage!

If you really want to use block encryption, you can make the communication more secure by padding with random data rather than zeros.

Or you might consider a streaming encryption protocol, such as RC4:
http://en.wikipedia.org/wiki/RC4

The advantage of RC4 is that if you send 5 octets you only need to receive 5 octets.






----- Original Message ----
From: Glus Xof <gtglus gmail com>
To: Mark Roberts <gtkmm manumark de>
Cc: gtkmm-list gnome org
Sent: Sat, 8 May, 2010 15:59:36
Subject: Re: Avoiding string break...

2010/5/8 Mark Roberts <gtkmm manumark de>:
> Dear Glus,
>
>>>> Yesterdary, I posted the sources of an example codes [...]
>
>>> It is often suggested that a problem be reduced to a minimal program
>>> before
>>> posting it to the list. [...]
>
>> It's not necessary to look all the code, just if you need some more
>> data or want to run something in your computer... The question is that
>> in some cases (not all !!!) an std::string with encrypted values is
>> not sent entirely (through the Gio::Socket::send() &
>> Gio::Socket::receive() methods...). (hypothesis:) When the client
>> tries to decrypt this partial string throws an std::bad_alloc
>> exception instance (maybe, because it's, in fact, incomplete).
>>
>> I haven't enough knowledge to find what happens inside this string, if
>> so. But in any cases, I need to ask you some help. Maybe, the
>> encryption routines are not the most appropiate. I choosen AES because
>> -as I know- is one of the most powerful symmetric encryption
>> algorithms.
>
> You want to know why your program isn't working. You think the
> encryption/decryption may be losing part of your data. Or there may be a
> problem with zero-bytes embedded in your data. You have written a
> client-server app and may have a mistake in your code.

Not exactly... I think that the string is always well-formed both at
the exit of the encryption process and just before the transfert
through the socket, but the problem seems to be that this string
doesn't arrive entirely to the other side; I mean, when I read the
encrypted string from the buffer's socket, sometimes (not always), I
don't get the whole string...

I need some help from you to know what happens with it .

Glus

> In order to solve your problem you need to decouple these. Rewrite the
> program (a) without encryption/decryption. Does it work now? (b) without
> sockets and client-server stuff. Does it work now? (c) run the program with
> particular data, for instance data without embedded zeros or with only
> zeros, or particularly short strings or empty strings.  (d) think of other
> possibilities and leave them out.

> In other words: write a simpler and smaller program and find the error in
> that. It you have a small and short program and can't find the error, post
> it on this list.
_______________________________________________
gtkmm-list mailing list
gtkmm-list gnome org
http://mail.gnome.org/mailman/listinfo/gtkmm-list




_______________________________________________
gtkmm-list mailing list
gtkmm-list gnome org
http://mail.gnome.org/mailman/listinfo/gtkmm-list






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]