Rolling Your Own Cryptographic Functions

I cringe when I hear, Yeah, we got crypto. We rolled our own algorithm it rocks! Or, We didn t trust any of the known algorithms since they are well known, so we created our own algorithm. That way we re the only ones that know it, and it s much more secure. Producing good cryptographic algorithms is a difficult task, one that should be undertaken only by those who well understand how to create such algorithms. Code like the following is bad, very bad:

void EncryptData(char *szKey, DWORD dwKeyLen, char *szData, DWORD dwDataLen) { for (int i = 0; i < dwDataLen; i++) { szData[i] ^= szKey[i % dwKeyLen]; } }

This code simply XORs the key with the plaintext, resulting in the ciphertext, and I use the latter term loosely! Ciphertext refers to the text that has been encrypted with an encryption key. The key is weak because it is so trivial to break. Imagine you are an attacker and you have no access to the encryption code. The application operates by taking the user s plaintext, encrypting it, and storing the result in a file or the registry. All you need to do is XOR the ciphertext held in the file or registry with the data you originally entered, and voil , you have the key! A colleague once told me that we should refer to such encryption as encraption!

An XOR Property

If you have forgotten what XOR does, read on. Exclusive-OR, denoted by the + symbol, has an interesting property: A + B + A = B. That is why it s often used for weak data encoding. If you XOR plaintext data with a key, you get ciphertext back. If you XOR the ciphertext with the key, you get the plaintext back. And if you know the ciphertext and the plaintext, you get the key back!

Do not do this! The best way to use encryption is to use tried and trusted encryption algorithms defined in libraries such as CAPI included with Windows. In fact, alarm bells should ring in your mind if you encounter words such as hide, obfuscate, or encode when reading the specification of a feature you are implementing!

The following sample code, written in Microsoft JScript using the CAPICOM library, shows how to encrypt and decrypt a message:

var CAPICOM_ENCRYPTION_ALGORITHM_RC2 = 0; var CAPICOM_ENCRYPTION_ALGORITHM_RC4 = 1; var CAPICOM_ENCRYPTION_ALGORITHM_DES = 2; var CAPICOM_ENCRYPTION_ALGORITHM_3DES = 3; var oCrypto = new ActiveXObject("CAPICOM.EncryptedData"); // Encrypt the data. var strPlaintext = "In a hole in the ground..."; oCrypto.Content = strPlaintext; // Get key from user via an external function. oCrypto.SetSecret(GetKeyFromUser()); oCrypto.Algorithm = CAPICOM_ENCRYPTION_ALGORITHM_3DES ; var strCiphertext = oCrypto.Encrypt(0); // Decrypt the data. oCrypto.Decrypt(strCiphertext); if (oCrypto.Content == strPlaintext) { WScript.echo("Cool!"); }


	What s CAPICOM? CAPICOM is a COM component that performs cryptographic functions. The CAPICOM interface can sign data, verify digital signatures, and encrypt and decrypt data. It can also be used to check the validity of digital certificates. CAPICOM was first made public as part of the Windows XP Beta 2 Platform SDK. You need to register Capicom.dll before using it. The redistributable files for this DLL are available at www.microsoft.com/downloads/release.asp? releaseid=30316.


	Do not, under any circumstances, create your own encryption algorithm. The chances are very good that you will get it wrong. For Win32 applications, use CAPI. For script-based applications (VBScript, JScript, and ASP), use the CAPICOM library. Finally, for .NET applications (including ASP.NET), use the System.Security.Cryptography classes.

Keep the Marketing Guys Honest

Here is some fun. Spend a couple of minutes reviewing your products marketing literature. Does it contain phrases like Uses 256-bit crypto, unbreakable security, proprietary encryption, or military-quality encryption ? Such phrases are often wrong because they are only part of the puzzle. For example, if you use 256-bit crypto, where and how do you store the keys? Are they safe from attack? If you see phrasing like this, have a chat with the marketing people. They might be giving an incomplete, and possibly inaccurate, picture of the capabilities of a security solution. And it s better to get the wording fixed sooner rather than later to reduce the chance of your company acquiring a bad reputation.