Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > Encryption/Decryption on both Java and Delphi

Reply
Thread Tools

Encryption/Decryption on both Java and Delphi

 
 
Aidan Diffey
Guest
Posts: n/a
 
      10-20-2005
Hi,

We are looking for a component or code to allow us to encrypt and
decrypt user passwords in both Java and Delphi
e.g. passwords stored in a single database accessible by both platforms.

We have looked at Triple DES in LockBox (Delphi) but it uses a 16 byte
array in Delphi and a 24 byte array in Java, so is not cross-platform
compatible.

Our essential requirement is for something that produces the same
results from both Delphi and Java code - the cipher strength is not that
important...

Can anyone point us in the right direction?

Any assistance would be much appreciated!

Regards

Aidan
 
Reply With Quote
 
 
 
 
Igor Planinc
Guest
Posts: n/a
 
      10-20-2005
Aidan Diffey wrote:
> Hi,
>
> We are looking for a component or code to allow us to encrypt and
> decrypt user passwords in both Java and Delphi
> e.g. passwords stored in a single database accessible by both platforms.
>
> We have looked at Triple DES in LockBox (Delphi) but it uses a 16 byte
> array in Delphi and a 24 byte array in Java, so is not cross-platform
> compatible.
>
> Our essential requirement is for something that produces the same
> results from both Delphi and Java code - the cipher strength is not that
> important...
>
> Can anyone point us in the right direction?
>
> Any assistance would be much appreciated!


Markus Hahn wrote a lot of encryption tools. Among them implementations of
Blowfish for Delphi, C++, .NET, Java, ...

http://www.hotpixel.net/software.html
 
Reply With Quote
 
 
 
 
Roedy Green
Guest
Posts: n/a
 
      10-20-2005
On Thu, 20 Oct 2005 11:01:06 +0100, Aidan Diffey
<(E-Mail Removed)> wrote or quoted :

>Our essential requirement is for something that produces the same
>results from both Delphi and Java code - the cipher strength is not that
>important...


That requirement makes the job at least 10 times harder. Everything
has to match to the bit in every implementation detail. Consider using
the same code with a bridge to the other world.
--
Canadian Mind Products, Roedy Green.
http://mindprod.com Again taking new Java programming contracts.
 
Reply With Quote
 
Kenneth P. Turvey
Guest
Posts: n/a
 
      10-20-2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 20 Oct 2005 10:59:40 +0000, Roedy Green wrote:

> On Thu, 20 Oct 2005 11:01:06 +0100, Aidan Diffey
> <(E-Mail Removed)> wrote or quoted :
>
>>Our essential requirement is for something that produces the same
>>results from both Delphi and Java code - the cipher strength is not that
>>important...

>
> That requirement makes the job at least 10 times harder. Everything
> has to match to the bit in every implementation detail. Consider using
> the same code with a bridge to the other world.


These are well defined algorithms. I'm sure if the original poster
looked a bit closer at 3DES they could figure out the problem. There
are only a handful of reasons why they wouldn't be identical. If they
just want a password hash any algorithm will work fairly well. Why not
use a secure hash like MD5 or SHA1 or SHA2? They are all used to hash
passwords.

Or do you need to be able to read the passwords again with a key? This
usually isn't what you want.

- --
Kenneth P. Turvey <(E-Mail Removed)>
http://kt.squeakydolphin.com (not much there yet)
Jabber IM: http://www.velocityreviews.com/forums/(E-Mail Removed)
Phone: (314) 255-2199
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDV96hi2ZgbrTULjoRAsZ9AKDKqHRK8K45r0a+yemylr qDF5IU8ACdHc7v
Vgd9Y/pE7WBj1qrFv7sv0aU=
=FenN
-----END PGP SIGNATURE-----

 
Reply With Quote
 
Roedy Green
Guest
Posts: n/a
 
      10-21-2005
On Thu, 20 Oct 2005 13:15:11 -0500, "Kenneth P. Turvey"
<(E-Mail Removed)> wrote or quoted :

>
>These are well defined algorithms. I'm sure if the original poster
>looked a bit closer at 3DES they could figure out the problem. There
>are only a handful of reasons why they wouldn't be identical. If they
>just want a password hash any algorithm will work fairly well. Why not
>use a secure hash like MD5 or SHA1 or SHA2? They are all used to hash
>passwords.


Look at JCE. You will see there are more ways to do each algorithm
than there are ways to order chow mein

The core algorithm may be standard, but you have all manner of
optional ways of salting and packing.
..
When you do Java-Java all that really matters is getting the options
set the same way. With different languages you need to have an
intimate understanding of what all that stuff means. Your best bet
would be to find a package that is reputed to be interoperable under
your two languages on the given platforms. Trying to mesh together
packages from different authors could end up being more work that
writing your own implementations.
--
Canadian Mind Products, Roedy Green.
http://mindprod.com Again taking new Java programming contracts.
 
Reply With Quote
 
Kenneth P. Turvey
Guest
Posts: n/a
 
      10-21-2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 21 Oct 2005 01:48:36 +0000, Roedy Green wrote:

> The core algorithm may be standard, but you have all manner of
> optional ways of salting and packing.


This should all be specified by the implementation of the algorithm
though, no matter what language you are using. There really aren't that
many ways to do this (the salting, I'll give you, but it should be obvious
if you are using the same way).

- --
Kenneth P. Turvey <(E-Mail Removed)>
http://kt.squeakydolphin.com (not much there yet)
Jabber IM: (E-Mail Removed)
Phone: (314) 255-2199
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDWHHPi2ZgbrTULjoRAgrUAKCR6wXZCUjiHy1jUkJk3e 7wxwb5igCgmbrn
/J7s7AMLpSMHN8MP7iyj0yc=
=Un0c
-----END PGP SIGNATURE-----

 
Reply With Quote
 
Stefan Schulz
Guest
Posts: n/a
 
      10-21-2005
On Thu, 20 Oct 2005 11:01:06 +0100, Aidan Diffey wrote:

> Hi,
>
> We are looking for a component or code to allow us to encrypt and
> decrypt user passwords in both Java and Delphi
> e.g. passwords stored in a single database access


Why do you have to decrypt the passwords again? Usually, you will want to
merely hash the passwords with some secure hash (both java and delphi have
implementations of the most common algorithms, which should produce the
exact same output), and then merely compare the input password hash with
the stored hash. This has the advantage that noone (not even you) can
guess what the password leading to a hash is. Taken to the extreme, you
could print the hashes out and plaster them all over town, and noone would
be the wiser.

--
You can't run away forever,
But there's nothing wrong with getting a good head start.
--- Jim Steinman, "Rock and Roll Dreams Come Through"


 
Reply With Quote
 
Igor Planinc
Guest
Posts: n/a
 
      10-21-2005
Roedy Green wrote:
> Your best bet
> would be to find a package that is reputed to be interoperable under
> your two languages on the given platforms.


Hahn's implementations are not only reputed to be interoperable. They, in fact, are.
 
Reply With Quote
 
Igor Planinc
Guest
Posts: n/a
 
      10-22-2005
Stefan Schulz wrote:
> On Thu, 20 Oct 2005 11:01:06 +0100, Aidan Diffey wrote:
>
>
>>Hi,
>>
>>We are looking for a component or code to allow us to encrypt and
>>decrypt user passwords in both Java and Delphi
>>e.g. passwords stored in a single database access

>
>
> Why do you have to decrypt the passwords again? Usually, you will want to
> merely hash the passwords with some secure hash (both java and delphi have
> implementations of the most common algorithms, which should produce the
> exact same output), and then merely compare the input password hash with
> the stored hash. This has the advantage that noone (not even you) can
> guess what the password leading to a hash is. Taken to the extreme, you
> could print the hashes out and plaster them all over town, and noone would
> be the wiser.


I'll take a wild guess, but that's a common practice with various web-based
services. They usually have the "Forgot your password? No problem! We'll send it
to you." option with everything requiring registration. No use having just
hashes. One must have access to cleartext passwords. Clearly one should only
decrypt them when needed, but otherwise store them safely encrypted in some
shady spot.
 
Reply With Quote
 
Chris Uppal
Guest
Posts: n/a
 
      10-22-2005
Igor Planinc wrote:

> I'll take a wild guess, but that's a common practice with various
> web-based services. They usually have the "Forgot your password? No
> problem! We'll send it to you." option


Sounds likely, but it's not good practise. Better is to generate a new
password and send that. Better still is to generate a new /one-shot/ password
which the user has to change immediately. I'm sure there are better ideas
still, but I haven't seen them myself.

-- chris


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ANN: new Delphi(tm) JMS (Java Message Service) client libraries forApache ActiveMQ and OpenMQ message brokers Michael Justin Java 12 11-26-2009 03:40 AM
compilation error: file exists in both in both 'c:\WINNT\Microsoft.NET\Framework\v2.0.50727 ABCL ASP .Net 0 05-29-2008 04:59 PM
Beware: C and Delphi uses different shift right operator. (Matters for negatives, both languages can give wrong results.) Skybuck Flying C Programming 1 07-21-2007 10:07 PM
2 computers, both online, both invisible to each other ? b Computer Support 9 04-21-2006 04:06 AM
(De)Compression with both Delphi and Java NB Java 3 06-02-2004 04:09 PM



Advertisments