open source encryption software

Discussion in 'Computer Security' started by Jessica Weiner, Apr 14, 2006.

  1. I need to develop an open source application that will encrypt a text file
    and allow certain users to access it. This application will run on a single
    computer with no internet access. The idea is to make text available to
    allowed users and prevent the text from being exposed to anyone else. The
    list of allowed users is also a text file that is encrypted and saved on the
    same machine. Once the application runs, it will act as a host to a client
    application that runs on the same machine. The client will connect to the
    host and provide user information. Once the user name is verified, the host
    application will decrypt the text file and give it to the client. The client
    can then display the plain text.

    What kind of encryption method should be used here if the host application
    is going to run on a public computer? Since it is open source, a potential
    hacker can figure out the encryption algorithm and decrypt the file that
    contains the usernames and password. How can such a system protect itself
    from being compromised? Is this an impossible problem with no solution? i.e.
    To give away the encryption algorithm and still be able to protect your
    data.

    Thanks.
    Jessica
    Jessica Weiner, Apr 14, 2006
    #1

  2. From: "Jessica Weiner" <>

    | I need to develop an open source application that will encrypt a text file
    | and allow certain users to access it. This application will run on a single
    | computer with no internet access. The idea is to make text available to
    | allowed users and prevent the text from being exposed to anyone else. The
    | list of allowed users is also a text file that is encrypted and saved on the
    | same machine. Once the application runs, it will act as a host to a client
    | application that runs on the same machine. The client will connect to the
    | host and provide user information. Once the user name is verified, the host
    | application will decrypt the text file and give it to the client. The client
    | can then display the plain text.
    |
    | What kind of encryption method should be used here if the host application
    | is going to run on a public computer? Since it is open source, a potential
    | hacker can figure out the encryption algorithm and decrypt the file that
    | contains the usernames and password. How can such a system protect itself
    | from being compromised? Is this an impossible problem with no solution? i.e.
    | To give away the encryption algorithm and still be able to protect your
    | data.
    |
    | Thanks.
    | Jessica
    |

    ZIP the file. It uses standard encryption or advanced encryption. You can use a GUI based
    utility such as WinZIP -- http://www.winzip.com/ or use a command line version such as from
    PKWare -- http://www.pkware.com/.

    The encryption is password protection so if you use a Strong password (such as 10 digit
    alphanumeric plus special chars) then a hacker compromise is unlikely.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Apr 14, 2006
    #2

  3. Jessica Weiner

    Watson Ladd Guest

    Encrypt the file with a secret symmetrical key, and distribute the key
    only to those people. All well-respected algorithms are public, as only
    the key should protect the data. Changing key is easy, machine hard.
    Watson Ladd, Apr 16, 2006
    #3
  4. Jessica Weiner

    bthomas Guest

    "Jessica Weiner" <> wrote in message
    news:WBN%f.47333$...
    >I need to develop an open source application that will encrypt a text file
    >and allow certain users to access it. This application will run on a single
    >computer with no internet access. The idea is to make text available to
    >allowed users and prevent the text from being exposed to anyone else. The
    >list of allowed users is also a text file that is encrypted and saved on
    >the same machine. Once the application runs, it will act as a host to a
    >client application that runs on the same machine. The client will connect
    >to the host and provide user information. Once the user name is verified,
    >the host application will decrypt the text file and give it to the client.
    >The client can then display the plain text.
    >
    > What kind of encryption method should be used here if the host application
    > is going to run on a public computer? Since it is open source, a potential
    > hacker can figure out the encryption algorithm and decrypt the file that
    > contains the usernames and password. How can such a system protect itself
    > from being compromised? Is this an impossible problem with no solution?
    > i.e. To give away the encryption algorithm and still be able to protect
    > your data.
    >
    > Thanks.
    > Jessica


    You need to do a little reading about PKI. The "easiest" and most secure
    way is to use digital certificates. Once a user digitally signs something
    (say an email) that is sent to you, you now have their public key. Now you
    can use their public key to encrypt anything and only they (the owner of the
    key) can use their private key to decrypt the file. The problem is, you
    will have to encrypt the file for each person.
    bthomas, Apr 20, 2006
    #4
  5. From: "bthomas" <>


    |
    | You need to do a little reading about PKI. The "easiest" and most secure
    | way is to use digital certificates. Once a user digitally signs something
    | (say an email) that is sent to you, you now have their public key. Now you
    | can use their public key to encrypt anything and only they (the owner of the
    | key) can use their private key to decrypt the file. The problem is, you
    | will have to encrypt the file for each person.


    And deal with all the problems when their personal security certificate expires.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Apr 20, 2006
    #5
  6. bthomas wrote:
    > You need to do a little reading about PKI. The "easiest" and most
    > secure way is to use digital certificates. Once a user digitally
    > signs something (say an email) that is sent to you, you now have
    > their public key. Now you can use their public key to encrypt
    > anything and only they (the owner of the key) can use their private
    > key to decrypt the file. The problem is, you will have to encrypt
    > the file for each person.


    With PKI: it is hard for the user to carry around the key. With symmetric
    encryption: you have to remember two passwords. It would be good if each
    user only needed to remember a single password--one that he generates
    himself.

    How can this be achieved?

    Thanks.

    Jessica
    Jessica Weiner, Apr 21, 2006
    #6
  7. Jessica Weiner

    bthomas Guest

    "Jessica Weiner" <> wrote in message
    news:yY12g.73969$...
    > bthomas wrote:
    >> You need to do a little reading about PKI. The "easiest" and most
    >> secure way is to use digital certificates. Once a user digitally
    >> signs something (say an email) that is sent to you, you now have
    >> their public key. Now you can use their public key to encrypt
    >> anything and only they (the owner of the key) can use their private
    >> key to decrypt the file. The problem is, you will have to encrypt
    >> the file for each person.

    >
    > With PKI: it is hard for the user to carry around the key. With symmetric
    > encryption: you have to remember two passwords. It would be good if each
    > user only needed to remember a single password--one that he generates
    > himself.
    >
    > How can this be achieved?
    >
    > Thanks.
    >
    > Jessica
    >
    >

    You can do that by using the password as the encryption key but you are
    starting to be less and less secure. There has to be a balance between
    usability and security.
    Since it is on a single system, you might consider a biometric hardware
    device. They aren't the best answer (still have several flaws) but are a
    "key" that the user will always have with them.
    bthomas, May 5, 2006
    #7
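
The single-password-per-user idea from posts #6 and #7, with the algorithm fully public as post #3 notes, shown as an added example that is not part of the original thread. It goes one step beyond "use the password as the key": the text is encrypted once under a random data key, and that key is wrapped separately under a key derived from each user's own password. All function names and sample values are hypothetical and constructed for illustration (Node.js, built-in `crypto` only).

```javascript
// Added example, not from the thread. Names and sample data are hypothetical.
const crypto = require('crypto');

// AES-256-GCM; blob layout is nonce(12) | tag(16) | ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the blob was modified.
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Slow, salted KDF: password -> 256-bit key-encryption key (KEK).
const kek = (password, salt) => crypto.scryptSync(password, salt, 32);

// Encrypt the text once under a random data key. The vault stores no passwords.
function protect(text) {
  const dataKey = crypto.randomBytes(32);
  const file = seal(dataKey, Buffer.from(text, 'utf8'));
  return { vault: { file, users: new Map() }, dataKey };
}

// Wrap the data key under a KEK derived from this user's own password.
function addUser(vault, dataKey, name, password) {
  const salt = crypto.randomBytes(16);
  vault.users.set(name, { salt, wrapped: seal(kek(password, salt), dataKey) });
}

// Returns the plaintext, or null for an unknown user or a wrong password.
function openVault(vault, name, password) {
  const u = vault.users.get(name);
  if (!u) return null;
  try {
    const dataKey = unseal(kek(password, u.salt), u.wrapped);
    return unseal(dataKey, vault.file).toString('utf8');
  } catch (e) {
    return null; // GCM tag mismatch
  }
}

// Constructed sample data.
const { vault, dataKey } = protect('constructed sample text');
addUser(vault, dataKey, 'alice', 'correct horse battery staple');
addUser(vault, dataKey, 'bob', 'a second long passphrase');
```

Everything stored on disk here (salts, wrapped keys, ciphertext) can be read by anyone without exposing the text; only the passwords are secret. Revoking a user means deleting that user's record and re-encrypting the text under a fresh data key, since a removed user could have kept the old one.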