Problem with cryptix32.jar

Dear All,

Currently, I use cryptix32, JDK 1.4.2.08.

The same result with different input with the following code:

password 888 --> encrypt --> C910B030A8D5A386FA4E4977ED78AC87

password 999 --> encrypt --> C910B030A8D5A386FA4E4977ED78AC87

It is totally wrong. Can anybody help me?

Thanks so much.

package test;

import cryptix.provider.key.RawSecretKey;
import cryptix.util.core.Hex;

public class changepassword {

    /**
     * @param args
     */
    public static void main(String[] args) {
        try {
            System.out.println(createEncryptedPassword("administrator", "888"));
            System.out.println(createEncryptedPassword("administrator", "999"));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    static private String createEncryptedPassword(String userid, String password) {
        String cipherkey = password.toUpperCase();
        String encryptionTarget = userid.toUpperCase();

        // Truncate or space-pad the password to 24 characters for use as key bytes
        if (cipherkey.length() > 24) {
            cipherkey = cipherkey.substring(0, 24);
        } else {
            while ((cipherkey.length() % 24) != 0) {
                cipherkey += " ";
            }
        }

        RawSecretKey key = new RawSecretKey("DES", cipherkey.getBytes());
        xjava.security.Cipher cipher = null;
        byte[] ciphertext = null;

        try {
            cipher = xjava.security.Cipher.getInstance("DES-EDE3/CBC", "Cryptix");
            cipher.initEncrypt(key);

            // Space-pad the user id to a multiple of 16 characters
            while ((encryptionTarget.length() % 16) != 0) {
                encryptionTarget = encryptionTarget + " ";
            }

            ciphertext = cipher.crypt(
                    Hex.fromString(Hex.toString(encryptionTarget.getBytes())));
        } catch (Exception e) {
            com.prudentialvn.util.Util.addToLog(e.getMessage());
            return "";
        }

        return Hex.toString(ciphertext);
    }
}

[3490 byte] By [pawa_11a] at [2007-10-3 7:50:32]
# 1

Is this code you have just written or is it code you are having to support? Either way it leaves much to be desired but if it is code you have just written then I would abandon it.

1) You are using an out of date library that is not fully JCE compliant.

2) Code such as

    ciphertext = cipher.crypt(
            Hex.fromString(Hex.toString(encryptionTarget.getBytes())));

is quite frankly rubbish. You turn your bytes into a Hex string and then, without a pause, you convert the hex string back to bytes.

3) For some reason you create a single DES key using

    RawSecretKey key = new RawSecretKey("DES", cipherkey.getBytes());

and then use the single DES key to initialize a triple DES cipher in

    cipher = xjava.security.Cipher.getInstance("DES-EDE3/CBC", "Cryptix");

4) Your contorted approach to padding strings to multiples of 24 or 16 characters leaves me cold. The problem I have is that I don't know why you do it. If you used the JCE properly then one would just have to use Passphrase Based Encryption (PBE) and then no padding would be required either for the key or the plain text.

I can't see what your coding problem is but I think you have a much much bigger problem in your approach. My advice: abandon your use of an out-of-date library and use PBE encryption.

sabre150a at 2007-7-15 2:52:25 > top of Java-index,Security,Cryptography...
# 2

I have just worked out why you are getting the same result for both! DES keys use the least significant bit (LSB) of each byte as a parity bit but it takes no part in the encryption process. The ASCII value of char '8' is 0x56 and the ASCII value of char '9' is 0x57 so stripping off the LSB of '9' makes it identical to '8' as far as DES is concerned.

I still think your code needs to be re-written to conform to the JCE and to use PBE.

sabre150a at 2007-7-15 2:52:25
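The parity-bit collision explained in reply #2, reproduced with the standard JCE instead of Cryptix, next to a passphrase-derived key as the replies recommend. This is an added example, not code from the thread; the class name, the all-zero IV, and the choice of PBKDF2 with these parameters are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class DesParityDemo {   // hypothetical class name

    // Upper-case and space-pad (or truncate) the password to 24 bytes, as the posted code does.
    static byte[] rawKey(String password) {
        String padded = String.format("%-24s", password.toUpperCase());
        return padded.substring(0, 24).getBytes(StandardCharsets.US_ASCII);
    }

    // Password bytes used directly as a triple DES key. Bit 0 of every key byte
    // is a parity bit and is dropped by the DES key schedule.
    static byte[] legacyEncrypt(String password, byte[] block) throws Exception {
        SecretKey key = SecretKeyFactory.getInstance("DESede")
                .generateSecret(new DESedeKeySpec(rawKey(password)));
        Cipher c = Cipher.getInstance("DESede/CBC/NoPadding");
        // Assumption: fixed all-zero IV, used only to make the comparison deterministic.
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(new byte[8]));
        return c.doFinal(block);
    }

    // PBKDF2 hashes the whole passphrase, so every bit of it affects the derived key.
    static byte[] derivedKey(String password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: the user id from the post, padded to 16 bytes.
        byte[] block = "ADMINISTRATOR   ".getBytes(StandardCharsets.US_ASCII);
        System.out.println("3DES with raw password keys, same ciphertext: "
                + Arrays.equals(legacyEncrypt("888", block), legacyEncrypt("999", block)));

        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);   // random per-password salt
        System.out.println("PBKDF2-derived keys, same key: "
                + Arrays.equals(derivedKey("888", salt), derivedKey("999", salt)));
    }
}
```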