Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > open source encryption software

Reply
Thread Tools

open source encryption software

 
 
Jessica Weiner
Guest
Posts: n/a
 
      04-14-2006
I need to develop an open source application that will encrypt a text file
and allow certain users to access it. This application will run on a single
computer with no internet access.The idea is to make text available to
allowed users and prevent the text from being exposed to anyone else. The
list of allowed users is also a text file that is encrypted and saved on the
same machine. Once the application runs, it will act as a host to a client
application that runs on the same machine. The client will connect to the
host and provide user information. Once the user name is verified, the host
application will decrypt the text file and give it to the client. The client
can then display the plain text.

What kind of encryption method should be used here if the host application
is going to run of a public computer? Since it is open source, a potential
hacker can figure out the encryption algorithm and decrypt the file that
contains the usernames and password. How can such a sytem protect itself
from being compromised? Is this an impossible problem with no solution? i.e.
To give away the encryption algorithm and still be able to protect your
data.

Thanks.
Jessica


 
Reply With Quote
 
 
 
 
David H. Lipman
Guest
Posts: n/a
 
      04-14-2006
From: "Jessica Weiner" <(E-Mail Removed)>

| I need to develop an open source application that will encrypt a text file
| and allow certain users to access it. This application will run on a single
| computer with no internet access.The idea is to make text available to
| allowed users and prevent the text from being exposed to anyone else. The
| list of allowed users is also a text file that is encrypted and saved on the
| same machine. Once the application runs, it will act as a host to a client
| application that runs on the same machine. The client will connect to the
| host and provide user information. Once the user name is verified, the host
| application will decrypt the text file and give it to the client. The client
| can then display the plain text.
|
| What kind of encryption method should be used here if the host application
| is going to run of a public computer? Since it is open source, a potential
| hacker can figure out the encryption algorithm and decrypt the file that
| contains the usernames and password. How can such a sytem protect itself
| from being compromised? Is this an impossible problem with no solution? i.e.
| To give away the encryption algorithm and still be able to protect your
| data.
|
| Thanks.
| Jessica
|

ZIP the file. It uses standard encryption or advanced enryption. You can use a GUI based
utility such as WinZIP -- http://www.winzip.com/ or use a command line version such as from
PKWare -- http://www.pkware.com/.

The encryption is password protection so if you use a Strong password ( such as 10 digit
alphanumer plus special cahrs. then a hacker compramise is unlikely.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Reply With Quote
 
 
 
 
Watson Ladd
Guest
Posts: n/a
 
      04-16-2006
Encrypt the file with a secret symetrical key, and distribute the key
only those people. All well-respected algorithms are public, as only
the key should protect the data. Changing key is easy, machine hard.

 
Reply With Quote
 
bthomas
Guest
Posts: n/a
 
      04-20-2006

"Jessica Weiner" <(E-Mail Removed)> wrote in message
news:WBN%f.47333$(E-Mail Removed). com...
>I need to develop an open source application that will encrypt a text file
>and allow certain users to access it. This application will run on a single
>computer with no internet access.The idea is to make text available to
>allowed users and prevent the text from being exposed to anyone else. The
>list of allowed users is also a text file that is encrypted and saved on
>the same machine. Once the application runs, it will act as a host to a
>client application that runs on the same machine. The client will connect
>to the host and provide user information. Once the user name is verified,
>the host application will decrypt the text file and give it to the client.
>The client can then display the plain text.
>
> What kind of encryption method should be used here if the host application
> is going to run of a public computer? Since it is open source, a potential
> hacker can figure out the encryption algorithm and decrypt the file that
> contains the usernames and password. How can such a sytem protect itself
> from being compromised? Is this an impossible problem with no solution?
> i.e. To give away the encryption algorithm and still be able to protect
> your data.
>
> Thanks.
> Jessica


You need to do a little reading about PKI. The "easiest" and most secure
way is to use digital certificates. Once a user digitally signs something
(say an email) that is sent to you, you now have their public key. Now you
can use their public key to encrypt anything and only they (the owner of the
key) can use their private key to decrypt the file. The problem is, you
will have to encrypt the file for each person.
>



 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
      04-20-2006
From: "bthomas" <(E-Mail Removed)>


|
| You need to do a little reading about PKI. The "easiest" and most secure
| way is to use digital certificates. Once a user digitally signs something
| (say an email) that is sent to you, you now have their public key. Now you
| can use their public key to encrypt anything and only they (the owner of the
| key) can use their private key to decrypt the file. The problem is, you
| will have to encrypt the file for each person.
>>


And deal with all the problems when their personnal security certificate expires.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Reply With Quote
 
Jessica Weiner
Guest
Posts: n/a
 
      04-21-2006
bthomas wrote:
> You need to do a little reading about PKI. The "easiest" and most
> secure way is to use digital certificates. Once a user digitally
> signs something (say an email) that is sent to you, you now have
> their public key. Now you can use their public key to encrypt
> anything and only they (the owner of the key) can use their private
> key to decrypt the file. The problem is, you will have to encrypt
> the file for each person.


With PKI: it is hard for the user to carry around the key. With symmetric
encryption: you have to remember two passwords. It would be good if each
user only needed to remember a single password--one that he generates
himself.

How can this be acheived?

Thanks.

Jessica


 
Reply With Quote
 
bthomas
Guest
Posts: n/a
 
      05-05-2006

"Jessica Weiner" <(E-Mail Removed)> wrote in message
news:yY12g.73969$(E-Mail Removed). com...
> bthomas wrote:
>> You need to do a little reading about PKI. The "easiest" and most
>> secure way is to use digital certificates. Once a user digitally
>> signs something (say an email) that is sent to you, you now have
>> their public key. Now you can use their public key to encrypt
>> anything and only they (the owner of the key) can use their private
>> key to decrypt the file. The problem is, you will have to encrypt
>> the file for each person.

>
> With PKI: it is hard for the user to carry around the key. With symmetric
> encryption: you have to remember two passwords. It would be good if each
> user only needed to remember a single password--one that he generates
> himself.
>
> How can this be acheived?
>
> Thanks.
>
> Jessica
>
>

You can do that by using the password as the encryption key but you are
starting to be less and less secure. There has to be a balance between
usability and security.
Since it is on a single system, you might consider a biometric hardware
device. They aren't the best answer (still have several flaws) but is a
"key" that the user will always have with them.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Closed-Source vs Open-Source Drivers Lawrence D'Oliveiro NZ Computing 2 05-04-2009 11:36 PM
off topic: 2 videos on source control and open source development Aaron Watters Python 0 03-08-2008 10:13 PM
Which hard drive encryption program has the strongest tested encryption & security? =?iso-8859-1?Q?-=3D|__=28=BAL=BA=29__|=3D-____o=3D=5B:::::::::::::::=BB?= Computer Security 6 02-20-2008 01:35 PM
Open-Source Good, Closed-Source Bad Lawrence D'Oliveiro NZ Computing 1 10-16-2005 05:02 AM
Open Source Conference in Japan: Open Source Realize Forum 2005 pat eyler Ruby 1 03-05-2005 03:50 AM



Advertisments