Re: Data Encryption

From: Mike Benham (moxieat_private)
Date: Fri Sep 06 2002 - 13:14:57 PDT


    I can't decide whether this is a troll or not, so I'm going to comment.
    
    You have two big problems here:
    
    1) An insecure protocol.
    2) An insecure cipher.
    
    Your protocol transmits the key in the clear.
    Your cipher is something you just made up.
    
    This system provides absolutely no security.  You should probably get a
    copy of Applied Cryptography and use SSL for this in the meantime.
    
    - Mike
    
    --
    http://www.thoughtcrime.org
    
    On Fri, 6 Sep 2002, Bryan Ponnwitz wrote:
    
    > I've designed an HR system for the company that I work for and part of
    > the system is a server application which allows for program updates to
    > be downloaded, messages to be sent to users and provides the ability to
    > kick users.  For this, I've developed my own protocol running on port
    > 7282/tcp.  Since this server is what I use for authentication, I had to
    > build some encryption into the protocol so that usernames and passwords
    > weren't being transmitted cleartext.  My question is, how safe am I
    > using this encryption?  I've heard that homegrown encryption is asking
    > for trouble, but it seems to me that it would be difficult to break it.
    > In any case, this is the encryption method that this program will use
    > since it's about to go into production, so please don't suggest
    > alternatives; I'm only looking to evaluate the method I've developed.
    > I've outlined my encryption methods below; take a look and let me know
    > how tough you think it would be to crack.  Any comments are welcome!
    >
    > -------
    >
    > The protocol is set up so that the first four bytes of any transfer are
    > signaling data.  Packets can be more than 4 bytes depending on what is
    > in the signaling data, but 4 bytes is the minimum; for instance:
    > EC 03 00 00 is the data you would send to the server to login.  After
    > the signaling data, you would have to put the length of the encrypted
    > username (1 byte), the length of the encrypted password (1 byte), the
    > encrypted username (variable size) and the encrypted password (variable
    > size).  In this case, you would have 6 + length of username + length of
    > password bytes of data.
    > In contrast, when the server verifies that you are who you say you are,
    > it would send EA 03 00 00 to signal that your login has been accepted.
    > There is no more data to send along with the signaling data so, in this
    > case, the data is only 4 bytes long.
    >
    > If, at any time, you send invalid signaling data to the server, you will
    > be disconnected.  If you send correct signaling data, but the rest of
    > the data is malformed, the server will simply not respond.  If you send
    > invalid user credentials or try to send a request other than for an
    > encryption key or to login without first logging in, the server will
    > disconnect you.  Until you login, the server will allow a client to send
    > unlimited requests for encryption keys but will not allow you to request
    > a new key once you're logged in (you'll be disconnected if you request a
    > new key).
    >
    > All text is encrypted using the following algorithm:
    > enc = ((((char + E0) * 2 * E1 + 31 + E2) * E3 + (69 * E4)) * (E5 + E6) +
    > (E7 * E8)) * 2 * E9
    > Where enc is a Visual Basic Double (8 bytes) and char is the ascii
    > character code to encrypt.
    >
    > For the following explanation, it's important to understand what's the
    > signaling data and what is the data to be decrypted and used.  This is a
    > list of the signaling data I've used below and what it means.
    >
    > EB 03 00 00 = "Send me a key" if from a client and "Here's your key" if
    > from a server.  When the server sends this message, it's followed by 10
    > bytes of data to be used for encryption.
    > EC 03 00 00 = "This is my username and password".  As always, bytes 0 -
    > 3 are the signaling data, byte 4 is the length of the encrypted username
    > (in bytes), byte 5 is the length of the encrypted password (in bytes),
    > and the rest of the data is the encrypted username and password.
    > EA 03 00 00 = "Your login has been accepted."
    > BD 0B 00 00 = "Are there any updates for me to download" if from a
    > client.  The signaling data is followed by the name of the client
    > computer encrypted. If from a server, it's an answer and byte 4 means
    > "Yes" if it's a 1 and "No" if it's a 0.
    > B9 0B 00 00 = Same as BD 0B 00 00, but would require Update.exe to be
    > run to do the updating.
    > BF 0B 00 00 = PING! ("Are you still there?")
    > C0 0B 00 00 = PONG! ("Yes!")
    > D3 07 00 00 = "Here's an encrypted message from an admin."  The
    > signaling data would be followed by the encrypted message.
    >
    > The following is a typical dialog to see between the server and client:
    >
    > (Connect on port 7282)
    >
    > From Client: EB 03 00 00
    > Send me an encryption key.
    >
    > From Server: EB 03 00 00 3F DE B8 73 16 A1 D5 21 3C E7
    > Here's your key. (The last 10 bytes are the key and are randomly
    > generated numbers between 1 and 254.)
    >
    > From Client: EC 03 00 00 70 40 00 40 AB 35 AF A0 70 42 00 40 5B BD 47 CA
    > 76 42 00 40 7A A6 58 B0 77 42 00 40 A2 62 8C 9B 74 42 00 40 B7 5C D0 46
    > 76 42 00 80 72 00 71 86 68 42 00 40 E9 07 D1 6C 72 42 00 40 E0 34 AE 67
    > 76 42 00 40 B7 5C D0 46 76 42 00 40 B7 5C D0 46 76 42 00 40 28 F6 9C 6E
    > 77 42 00 40 EA 23 7B A2 75 42 00 40 AD 6D 03 0C 77 42 00 40 A3 7E 36 D1
    > 77 42 00 40 09 0D 8C 88 76 42 00 40 A2 62 8C 9B 74 42 00 40 84 95 25 EB
    > 76 42 00 40 84 95 25 EB 76 42 00 40 28 F6 9C 6E 77 42 00 40 E0 34 AE 67
    > 76 42 00 40 5B BD 47 CA 76 42 00 40 1D EB 25 FE 74 42
    > This is my username and password; validate me. (usr: Bryan Ponnwitz
    > pass: password)
    >
    > From Server: EA 03 00 00
    > Login accepted. (If the login were rejected, the client would be
    > disconnected at this step instead of receiving the login accepted
    > message.)
    >
    > From Client: BD 0B 00 00 00 80 0E F7 A9 02 80 42 00 00 02 A5 B7 3A 82 42
    > 00 00 3A 4B 87 15 81 42 00 80 9E AA 0A 4D 82 42 00 80 65 9F 64 28 82 42
    > 00 00 C5 E0 C2 95 7C 42 00 00 A9 0D 5B 28 7D 42
    > Are there any updates this program should download for computer EdTec-1?
    > (EdTec-1 is the name of my workstation)
    >
    > From Server: BD 0B 00 00 00
    > No. (If this were yes, you would see BD 0B 00 00 01.)
    >
    > From Client: B9 0B 00 00 00 80 0E F7 A9 02 80 42 00 00 02 A5 B7 3A 82 42
    > 00 00 3A 4B 87 15 81 42 00 80 9E AA 0A 4D 82 42 00 80 65 9F 64 28 82 42
    > 00 00 C5 E0 C2 95 7C 42 00 00 A9 0D 5B 28 7D 42
    > Should I start Update.exe so it can download updates for EdTec-1?
    >
    > From Server: B9 0B 00 00 00
    > No.
    >
    > (While the client is logged on, the server will ping the client every 20
    > seconds as shown below.)
    >
    > From Server: BF 0B 00 00
    > PING!
    >
    > From Client: C0 0B 00 00
    > PONG!
    >
    > (The client may also receive a message from an admin as shown below.)
    >
    > From Server: D3 07 00 00 00 00 7E 25 21 0C 73 42 00 00 1E EA 13 A2 74 42
    > 00 00 DE 5E 63 F0 75 42 00 00 7E 79 44 08 76 42 00 00 FC 79 CF 64 6C 42
    > 00 00 1E 6B F9 64 72 42 00 00 1E EA 13 A2 74 42 00 00 DE 5E 63 F0 75 42
    > 00 00 DE 5E 63 F0 75 42 00 00 9E 7F 8F 42 74 42 00 00 5E 1F D6 D1 74 42
    > 00 00 1E EA 13 A2 74 42
    > You have received a message: "Test Message"
    >
    > And eventually when the client is ready to disconnect, the connection is
    > just dropped, there is no "logoff" to say, just the connection being
    > dropped.
    >
    >
    > Bryan Ponnwitz
    > Webmaster - Broome-Tioga Boces
    > bponnwitat_private
    > (607) 763-3609
    >
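
Added example, not part of the original thread: a Python sketch of why the reply says the scheme provides no security, run against the key reply and login packet from the quoted trace. The function names are hypothetical; the only assumption beyond the post is that each Visual Basic Double is sent as an 8-byte little-endian IEEE 754 value, which the lengths in the trace support.

```python
import struct

# Bytes copied from the trace quoted above: the server's key reply and the
# client's login packet, exactly as they crossed the wire.
KEY_REPLY = bytes.fromhex("EB 03 00 00 3F DE B8 73 16 A1 D5 21 3C E7")
LOGIN = bytes.fromhex(
    "EC 03 00 00 70 40 00 40 AB 35 AF A0 70 42 00 40 5B BD 47 CA "
    "76 42 00 40 7A A6 58 B0 77 42 00 40 A2 62 8C 9B 74 42 00 40 B7 5C D0 46 "
    "76 42 00 80 72 00 71 86 68 42 00 40 E9 07 D1 6C 72 42 00 40 E0 34 AE 67 "
    "76 42 00 40 B7 5C D0 46 76 42 00 40 B7 5C D0 46 76 42 00 40 28 F6 9C 6E "
    "77 42 00 40 EA 23 7B A2 75 42 00 40 AD 6D 03 0C 77 42 00 40 A3 7E 36 D1 "
    "77 42 00 40 09 0D 8C 88 76 42 00 40 A2 62 8C 9B 74 42 00 40 84 95 25 EB "
    "76 42 00 40 84 95 25 EB 76 42 00 40 28 F6 9C 6E 77 42 00 40 E0 34 AE 67 "
    "76 42 00 40 5B BD 47 CA 76 42 00 40 1D EB 25 FE 74 42"
)

def encrypt_char(c, key):
    """The formula from the post, with E0..E9 taken from the 10 key bytes."""
    e = key
    return ((((c + e[0]) * 2 * e[1] + 31 + e[2]) * e[3] + 69 * e[4])
            * (e[5] + e[6]) + e[7] * e[8]) * 2 * e[9]

def decrypt(blob, key):
    """For a fixed key the formula is slope * c + offset, so it inverts directly."""
    offset = encrypt_char(0, key)
    slope = encrypt_char(1, key) - offset
    doubles = struct.unpack("<%dd" % (len(blob) // 8), blob)
    return "".join(chr(round((d - offset) / slope)) for d in doubles)

def read_login(key_reply, login):
    """What anyone holding both packets recovers: (username, password)."""
    key = key_reply[4:14]              # the key follows the 4 signaling bytes
    ulen, plen = login[4], login[5]    # length bytes, as described in the post
    body = login[6:]
    return decrypt(body[:ulen], key), decrypt(body[ulen:ulen + plen], key)

def distinct_blocks(blob):
    """(distinct, total) 8-byte blocks: equal characters encrypt identically."""
    blocks = [blob[i:i + 8] for i in range(0, len(blob), 8)]
    return len(set(blocks)), len(blocks)

if __name__ == "__main__":
    print(read_login(KEY_REPLY, LOGIN))
    print(distinct_blocks(LOGIN[6:]))
```

The first result covers the protocol problem (the key travels in the clear ahead of the login). The second covers the cipher: within a session it is a fixed per-character substitution, so repeated letters are visible even to someone who missed the key.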
    


