Cryptography

Cryptography (or cryptology; from Greek κρυπτός kryptós, “hidden, secret”; and γράφειν graphein, “writing”, or -λογία -logia, “study”, respectively) is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that block adversaries; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

Cryptix is a cryptography software for Mac OSX.

Rbcafe » Security » Cryptography

Dynamic_pager

Dynamic_pager

dynamic_pager — dynamic pager external storage manager

SYNOPSIS

dynamic_pager [-E] [-F filename] [-S filesize] [-H high-water-trigger]
[-L low-water-trigger] [-P priority]

DESCRIPTION

The dynamic_pager daemon manages a pool of external swap files which the
kernel uses to support demand paging. This pool is expanded with new
swap files as load on the system increases, and contracted when the swap-
ping resources are no longer needed. The dynamic_pager daemon also pro-
vides a notification service for those applications which wish to receive
notices when the external paging pool expands or contracts.

OPTIONS

-E Encrypt the data in the swap files.

-F The base name of the filename to use for the external paging
files. By default this is /private/var/vm/swapfile.

-S The fixed filesize [in bytes] to use for the paging files. By
default dynamic_pager uses variable sized paging files, using
larger sized files as paging demands increase. The -S, -H and -L
options disable that default and cause dynamic_pager to use a
series of fixed sized external paging files.

-H If there are less than high-water-trigger bytes free in the
external paging files, the kernel will signal dynamic_pager to
add a new external paging file.

-L If there are more than low-water-trigger bytes free in the exter-
nal paging files, the kernel will coalese in-use pages and signal
dynamic_pager to discard an external paging file.
Low-water-trigger must be greater than high-water-trigger +
filesize.

-P This option is currently unimplemented.

FILES

/private/var/vm/swapfile* Default external paging files.

EOF

Rbcafe » Security » Cryptography

Crypt

Crypt

crypt, setkey, encrypt, des_setkey, des_cipher, — DES encryption

SYNOPSIS

#include

char
*crypt(const char *key, const char *setting);

void
setkey(char *key);

void
encrypt(char *block, int flag);

int
des_setkey(const char *key);

int
des_cipher(const char *in, char *out, long salt, int count);

DESCRIPTION

The crypt() function performs password encryption, based on the NBS Data
Encryption Standard (DES). Additional code has been added to deter key
search attempts. The first argument to crypt() is a null-terminated
string, typically a user’s typed password. The second is in one of two
forms: if it begins with an underscore (« _ ») then an extended format is
used in interpreting both the key and the setting, as outlined below.

Extended crypt:

The key is divided into groups of 8 characters (the last group is null-
padded) and the low-order 7 bits of each each character (56 bits per
group) are used to form the DES key as follows: the first group of 56
bits becomes the initial DES key. For each additional group, the XOR of
the encryption of the current DES key with itself and the group bits
becomes the next DES key.

The setting is a 9-character array consisting of an underscore followed
by 4 bytes of iteration count and 4 bytes of salt. These are encoded as
printable characters, 6 bits per character, least significant character
first. The values 0 to 63 are encoded as « ./0-9A-Za-z ». This allows
24 bits for both count and salt.

Traditional crypt:

The first 8 bytes of the key are null-padded, and the low-order 7 bits of
each character is used to form the 56-bit DES key.

The setting is a 2-character array of the ASCII-encoded salt. Thus only
12 bits of salt are used. count is set to 25.

Algorithm:

The salt introduces disorder in the DES algorithm in one of 16777216 or
4096 possible ways (ie. with 24 or 12 bits: if bit i of the salt is set,
then bits i and i+24 are swapped in the DES E-box output).

The DES key is used to encrypt a 64-bit constant using count iterations
of DES. The value returned is a null-terminated string, 20 or 13 bytes
(plus null) in length, consisting of the setting followed by the encoded
64-bit encryption.

The functions, encrypt(), setkey(), des_setkey() and des_cipher() provide
access to the DES algorithm itself. setkey() is passed a 64-byte array
of binary values (numeric 0 or 1). A 56-bit key is extracted from this
array by dividing the array into groups of 8, and ignoring the last bit
in each group. That bit is reserved for a byte parity check by DES, but
is ignored by these functions.

The block argument to encrypt() is also a 64-byte array of binary values.
If the value of flag is 0, block is encrypted otherwise it is decrypted.
The result is returned in the original array block after using the key
specified by setkey() to process it.

The argument to des_setkey() is a character array of length 8. The least
significant bit (the parity bit) in each character is ignored, and the
remaining bits are concatenated to form a 56-bit key. The function
des_cipher() encrypts (or decrypts if count is negative) the 64-bits
stored in the 8 characters at in using abs(3) of count iterations of DES
and stores the 64-bit result in the 8 characters at out (which may be the
same as in ). The salt specifies perturbations to the DES E-box output
as described above.

The function crypt() returns a pointer to the encrypted value on success,
and NULL on failure. The functions setkey(), encrypt(), des_setkey(),
and des_cipher() return 0 on success and 1 on failure.

The crypt(), setkey() and des_setkey() functions all manipulate the same
key space.

EOF

Rbcafe » Security » Cryptography

Blowfish

Blowfish

blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt,
BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options – Blow-
fish encryption

SYNOPSIS

#include (openssl/blowfish.h)

void BF_set_key(BF_KEY *key, int len, const unsigned char *data);

void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
BF_KEY *key, int enc);
void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
long length, BF_KEY *schedule, unsigned char *ivec, int enc);
void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, BF_KEY *schedule, unsigned char *ivec, int *num,
int enc);
void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
long length, BF_KEY *schedule, unsigned char *ivec, int *num);
const char *BF_options(void);

void BF_encrypt(BF_LONG *data,const BF_KEY *key);
void BF_decrypt(BF_LONG *data,const BF_KEY *key);

DESCRIPTION

This library implements the Blowfish cipher, which was invented and
described by Counterpane.

Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of
data. It uses a variable size key, but typically, 128 bit (16 byte)
keys are a considered good for strong encryption. Blowfish can be used
in the same modes as DES (see des_modes(7)). Blowfish is currently one
of the faster block ciphers. It is quite a bit faster than DES, and
much faster than IDEA or RC2.

Blowfish consists of a key setup phase and the actual encryption or
decryption phase.

BF_set_key() sets up the BF_KEY key using the len bytes long key at
data.

BF_ecb_encrypt() is the basic Blowfish encryption and decryption func-
tion. It encrypts or decrypts the first 64 bits of in using the key
key, putting the result in out. enc decides if encryption (BF_ENCRYPT)
or decryption (BF_DECRYPT) shall be performed. The vector pointed at
by in and out must be 64 bits in length, no less. If they are larger,
everything after the first 64 bits is ignored.

The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and
BF_ofb64_encrypt() all operate on variable length data. They all take
an initialization vector ivec which needs to be passed along into the
next call of the same function for the same message. ivec may be ini-
tialized with anything, but the recipient needs to know what it was
initialized with, or it won’t be able to decrypt. Some programs and
protocols simplify this, like SSH, where ivec is simply initialized to
zero. BF_cbc_encrypt() operates on data that is a multiple of 8 bytes
long, while BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to
encrypt an variable number of bytes (the amount does not have to be an
exact multiple of 8 ). The purpose of the latter two is to simulate
stream ciphers, and therefore, they need the parameter num, which is a
pointer to an integer where the current offset in ivec is stored
between calls. This integer must be initialized to zero when ivec is
initialized.

BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish.
It encrypts or decrypts the 64 bits chunks of in using the key sched-
ule, putting the result in out. enc decides if encryption (BF_ENCRYPT)
or decryption (BF_DECRYPT) shall be performed. ivec must point at an 8
byte long initialization vector.

BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback.
It encrypts or decrypts the bytes in in using the key schedule, putting
the result in out. enc decides if encryption (BF_ENCRYPT) or decryp-
tion (BF_DECRYPT) shall be performed. ivec must point at an 8 byte
long initialization vector. num must point at an integer which must be
initially zero.

BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback.
It uses the same parameters as BF_cfb64_encrypt(), which must be ini-
tialized the same way.

BF_encrypt() and BF_decrypt() are the lowest level functions for Blow-
fish encryption. They encrypt/decrypt the first 64 bits of the vector
pointed by data, using the key key. These functions should not be used
unless you implement ‘modes’ of Blowfish. The alternative is to use
BF_ecb_encrypt(). If you still want to use these functions, you should
be aware that they take each 32-bit chunk in host-byte order, which is
little-endian on little-endian platforms and big-endian on big-endian
ones.

RETURN VALUES

None of the functions presented here return any value.

NOTE

Applications should use the higher level functions EVP_EncryptInit(3)
etc. instead of calling the blowfish functions directly.

EOF

Rbcafe » Security » Cryptography

Base64

Base64

base64 – Encoding « base64 »

SYNOPSIS

package require Tcl 8.2
package require Trf 2.1p2
base64 options… data

DESCRIPTION

The command base64 is one of several data encodings provided by the
package trf. See trf-intro for an overview of the whole package.

This encoding transforms every block of three bytes into a block of
four bytes, each of which is printable, i.e. 7bit ASCII. This implies
that the result is valid UTF-8 too. The command uses essentially the
same algorithm as for uuencode, except for a different mapping from
6-bit fragments to printable bytes.

base64 options… data

-mode encode|decode

This option has to be present and is always understood by
the encoding.

For immediate mode the argument value specifies the oper-
ation to use. For an attached encoding it specifies the
operation to use for writing. Reading will automatically
use the reverse operation. See section IMMEDIATE versus
ATTACHED for explanations of these two terms.

Beyond the argument values listed above all unique abbre-
viations are recognized too.

Encode converts from arbitrary (most likely binary) data
into the described representation, decode does the
reverse .

-attach channel

The presence/absence of this option determines the main
operation mode of the transformation.

If present the transformation will be stacked onto the
channel whose handle was given to the option and run in
attached mode. More about this in section IMMEDIATE ver-
sus ATTACHED.

If the option is absent the transformation is used in
immediate mode and the options listed below are recog-
nized. More about this in section IMMEDIATE versus
ATTACHED.

-in channel

This options is legal if and only if the transformation
is used in immediate mode. It provides the handle of the
channel the data to transform has to be read from.

If the transformation is in immediate mode and this
option is absent the data to transform is expected as the
last argument to the transformation.

-out channel

This options is legal if and only if the transformation
is used in immediate mode. It provides the handle of the
channel the generated transformation result is written
to.

If the transformation is in immediate mode and this
option is absent the generated data is returned as the
result of the command itself.

NOTES

[1] The encoding is equivalent to PGP’s ASCII armor and was also
accepted as one of the MIME encodings for encapsulation of
binary data. See RFC 2045
tor.org/rfc/rfc2045.txt) for details and the specification of
this encoding.

[2] The encoding buffers 2 bytes.

IMMEDIATE versus ATTACHED

The transformation distinguishes between two main ways of using it.
These are the immediate and attached operation modes.

For the attached mode the option -attach is used to associate the
transformation with an existing channel. During the execution of the
command no transformation is performed, instead the channel is changed
in such a way, that from then on all data written to or read from it
passes through the transformation and is modified by it according to
the definition above. This attachment can be revoked by executing the
command unstack for the chosen channel. This is the only way to do this
at the Tcl level.

In the second mode, which can be detected by the absence of option
-attach, the transformation immediately takes data from either its com-
mandline or a channel, transforms it, and returns the result either as
result of the command, or writes it into a channel. The mode is named
after the immediate nature of its execution.

Where the data is taken from, and delivered to, is governed by the
presence and absence of the options -in and -out. It should be noted
that this ability to immediately read from and/or write to a channel is
an historic artifact which was introduced at the beginning of Trf’s
life when Tcl version 7.6 was current as this and earlier versions have
trouble to deal with \0 characters embedded into either input or out-
put.

EOF

Page 3 sur 3123
Rbcafe © 2004- | Rb Cafe 1.3 | Contacter Rbcafe | Rbcafe sur Twitter | Rbcafe sur Facebook | Politique de confidentialité