This is a collection of SECURE encryption algorithms (BLOWFISH, TWOFISH, SKIPJACK, TEA, GOST, RC4 and DES). This post contains highly optimized code, if a similar post already exist here on PSC this one is at least a couple of 1000x faster!!
This is not like everybody else's "unbreakable" code, these are standardized encryption algorithms where the only possible way to crack it is by brute-force. DES is probably the least secure one (it took 22 hours for a supercomputer + 100,000 computers to crack it (distributed.net)). And that's the least secure one. ;)
Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. Afterdownloading it, you will need a program like Winzip to decompress it.Virus note:All files are scanned once-a-day by Planet Source Code for viruses, but new viruses come
out every day, so no prevention program can catch 100% of them. For your own safety, please:
Re-scan downloaded files using your personal virus checker before using it.
NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.
Scan the source code with Minnow's Project Scanner
If you don't have a virus scanner, you can get one at many places on the net
including:McAfee.com
Terms of Agreement:
By using this code, you agree to the following terms...
You may use
this code in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
You MAY NOT redistribute this code (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.
You may link to this code from another website, but ONLY if it is not wrapped in a frame.
You will abide by any additional copyright restrictions which the author may have placed in the code or code's description.
I forgot a nice feature: The encryption routine adds a block of random data at the start of the text, and then CBC (Cipher-Block Chaining) is used to make the
1) Encryption stronger
2) The encrypted data will look different every time you encrypt, even when encrypting the same text with the same key!
(If this comment was disrespectful, please report it.)
Finally, someone has actually submitted some REAL encryption algorythms, not just ceasar cipher, etc! Don't forget that DES can be used to make triple DES, which is an industry standard and unbroken with long enough keys. And don't forget that public key encryption doesn't encrypt all the text - just the key for a private key encryption method like triple DES@ (If this comment was disrespectful, please report it.)
^Dark^: That's not a problem from my side (I promise ;)), Windoze will remove characters after any Chr$(0) character (and reformats a couple of chars too) when put into the Text property (or pasted into a textbox, whatever). If you want to cut'n'paste encrypted text one idea would be to convert the encrypted data to HEX values (or 64-base) from the encrypted data directly, this way Windoze won't be "in the way". In the program I stored the encrypted data into the Tag property first then the Text property (the decrypting phase will read the Tag property). The data in the Tag property is stored as-is and not reformatted.
Example.. run the code
Clipboard.SetText "hello" & Chr$(0) & "more"
and use Ctrl^V in Notepad, what you get? ;)
(If this comment was disrespectful, please report it.)
Well done this is excellent code. I've only just starting learning algorithms and am only at the bubblesort/quicksort/binpacking level. These little algorithms are much more juicy! VERY good stuff. Many Thanks. (If this comment was disrespectful, please report it.)
I wrote a encryption code that does simple 8-bit encryption. What degree of encryption does this use? I added the ascii number of a letter in the password to the ascii number of the text, plus the checksum (lowest 8 bits), take the lowest 8 bits, then turn the number back into a character. I have it able to encrypt ANY size file. I'll publish it here. (If this comment was disrespectful, please report it.)
hi...yum...but I experience a bug (error 9 i think) when trying to decrypt something with blowfish...it doesn't even work with the (If this comment was disrespectful, please report it.)
Hi..hmm...the blowfish decryption doesn't work...generates error 9(i think)....it doesn't workl with the "test key" either....mail me please....would like to correct that. (If this comment was disrespectful, please report it.)
bones m8, i hav already made an encryption program (with 14 industrial strength ciphers) but it's in delphi!! (and much much better than this 1, lol) (If this comment was disrespectful, please report it.)
2 Viper. It's true. DES and 3DES can be broken. But for the most of us are this algorithms really interesting becausethere aren't many people who can broke it in suck a short time that the information is still interesting. CU snake (If this comment was disrespectful, please report it.)
*shows head shamefully* hewwo... well... it seems 2 me after reading all the wee comments by viper.. (yay snake :D), that a quotation from Applied Cryptography is in order... "this isn't a book on number theory" *takes a bow* thankyou... thankyou...
But seriously - I believe it says somewhere in AC that (viper - 14!? which ones?) the strength of an algorithm is not just how long it takes 2 crack - but whether or not it can be cracked in a phesable (i issnt 2 good @ the spellink) time by the people who the secrets involved will interest - in english... the NSA aren't going to use their DES crackers (i dint say that;-)) cracking a games high scores! ... also... it wasn't in the applications section... this code is just a demo of how 2 use it.. so stop showing off pls :-) (If this comment was disrespectful, please report it.)
Viper, you are full of BS. *Every* encryption method can be decrypted, given enough time and resources. Point is that nobody wants to spend that time and effort in decrypting your pathetic comments, not even if they were only rot13. IOW: for your personal (private) communication, *any* of the methods showed here would be good enough.
You're only proving that *you* are the one not knowing anything about encryption. Rule number 1: Never spend much more time and effort encrypting something than anyone would want to spend decrypting it.
Fredrik: Good code! Compliments. (If this comment was disrespectful, please report it.)
dear every1 I am by no means trying to dis Mr.Qvarfort's work I am mearly pointing out that some of his comments are misleading and incorrect and that this programs is insecure. Not because of the algorithms (although they are by no means the best avalable) but because of the weakness of the program itself. I apologise profusely to anyone who has taken any offense to these truths. (If this comment was disrespectful, please report it.)
To anyone interested in using the built-in CryptoAPI that comes with Windows (which is preferable over straight VB code for business apps for many reaons), check out my posting on using the CryptoAPI. I began with Fredrik's CryptoAPI module and added SALT functionality, public/private key encryption, and signing. I threw in compression since you usually use one with the other. http://www.planetsourcecode.com/xq/ASP/txtCodeId.13517/lngWId.1/qx/vb/scripts/ShowCode.h tm (If this comment was disrespectful, please report it.)
Excuse me if I got something wrong. But I always thought that an encrypted text may only be decrypted with the same key as used when encrypting. Right?
I've compiled your code and tried the following: Encrypting a textfile with twofish (Key: (If this comment was disrespectful, please report it.)
DES is breakable, but the original programmer had already stated it had been broken.. Secondly, DES is not several decades old, it was first published in 1977. 3-DES is unbreakable in an acceptable amount of time with current hardware and current cryptanalytic techniques. The least secure algorithm he has is simple-XOR.
Differential cryptanalysis looks at the way differences between plain-text pairs and cipher-text pairs and how they evolve through out the structure of a cipher. Whether the plain-text is compressed or not makes no difference to this attack. Using differential cryptanalysis requires around 2^55 known plain-texts.
(If this comment was disrespectful, please report it.)
Compression effects simpler algorithm, like XOR because the redundancy of the compressed text is reduced, making a solution harder, but achievable with known plain-text.
Blowfish and Twofish are good ciphers. TEA is insecure, GHOST is probably okay. RC4 is a good stream cipher, biases become detectable after a few gigabytes of cipher-text. Skipjack is designed by the NSA; if DES is anything to go by, its good.
If a implementation meets the test vectors, its valid. Which makes it better than homegrown. Homegrown is a bad idea if u want security.
This man has picked some nice ciphers. It is a collection i would be proud of, i congratulate him on his efforts.
(If this comment was disrespectful, please report it.)
Problem. I can encrypt text (not a file) with any of the algorithms, and if i were to copy the encrypted text, close the program, then restart the program and paste the (encrypted) text into the appropriate box (using the correct key), it gives an error. It works if you keep the program open, but that's not very useful. is there something that i'm doing wrong? thanks (If this comment was disrespectful, please report it.)
As a response to creepy's problem.. As the project code was only designed to show how to operate on the class file I didn't think this "feature" was needed. But now I added two new functions in the program to convert the encrypted text into HEX values before printed into the textbox. This allows you to cut'n'paste the encrypted text back and forth. No change made though to the actual code (class file). (If this comment was disrespectful, please report it.)
Hi! I'm trying to implement the UNIX crypt function in order to be able to "generate" a .htpasswd file for a UNIX machine. Obviously this is done by a 56 bit DES encryption. Is this possible using your code? Any ideas welcome! Thanx. (If this comment was disrespectful, please report it.)
This is a terrific functional example of encryption alternatives. It suited my purposes perfectly. (If this comment was disrespectful, please report it.)
This code is (like i see it) high-end vb code. And i use it with delight. Now, when reading some of the comments, i can't stop windering if you guys (read = viper) are so hard-core and thinks you'r the greatest, then why bother with vb code? ;-).. thanks Fredrik, for posting this cool piece of work.. (If this comment was disrespectful, please report it.)
I have examined both Blowfish and Twofish and found Password problems as follows: Encrypt with 1234 password, save to disk and close program. Open program, get encrypted code from disk and decrypt with the following passwords: 1334, 1567, 1245, 1235, etc... This was all that I tested. Why? What is going on?? I do not know enough about code to try and find the problem.
(If this comment was disrespectful, please report it.)
Hello. I have decided to use these encryption rutines in my applications, since they is the best I have ever seen.
The problem is, when I try to massive encrypt/decrypt all DES, Blowfish, Twofish and others come up with "9 @ Subscript out of range".
This happens both in Decrypt/EncryptByte and in GetWord / PutWord.
Now I must say that I know nothing about cryptography, which makes me not able to troubleshoot this little neat piece of code.
And I was wondering if any of you would want to help me?
My e-mail is mfh@firenet.dk and my ICQ is 83297796 (83 29 77 96)
Example: Randomize Dim i As Integer For i = 0 To 1000 Text1(0) = Rnd(1 * 100) + 5 Text1(1) = EncryptObject.EncryptString(Text1(0), Text1(0)) Text1(2) = EncryptObject.DecryptString(Text1(1), Text1(0)) Me.Caption = i DoEvents Next i (If this comment was disrespectful, please report it.)
Just read creepys submission. Seems like that's my problem ; but I don't know yet. I'm trying it out. (If this comment was disrespectful, please report it.)
For the subscript out of range errors, perhaps use RTF Box instead of TextBox, as Textbox only allows a certain amount of text (this is if you're decrypting strings). Also, I haven't really checked, but if the prog uses integers, you may need to change some of them to Long or another format, if they're receiving values too high. Just suggestions, but maybe look into it. i'll check it out more tomorrow, but right now I'm heading to bed. Too much programming........... (If this comment was disrespectful, please report it.)
If you store the encrypted data directly into a textbox you *will* get errors for sure. This is because Windows will convert any unreadable characters (Chr$(8) and some others) to something it can handle. And when you try to decrypt incorrect data (remember some characters are changed) you *will* get subscript out of range or some other error.
One way of dealing with this (if you really need to store into textboxes) is to download the new version of the zip file which contans a modHEX.bas file which basically converts a text string into a hexadecimal value (with only 0-9, A-F characters). The new code would look something like
For i = 0 To 1000 Text1(0) = Rnd(1 * 100) + 5 Text1(1) = StrToHex(EncryptObject.EncryptString(Text1(0), Text1(0))) Text1(2) = EncryptObject.DecryptString(HexToStr(Text1(1)), Text1(0)) Next
Be aware though that converting a string into its HEX value will make the string 2x the size. (If this comment was disrespectful, please report it.)
Nice Coding, I am impressed by your programing skills, Please keep up the good work. BTW, IDEA is considerd to be the mose secure Cyphering Available to the public. I am working on a program that combindes both IDEA, and the Square Algorhythem together, givin, various attack resistan attempts.
(If this comment was disrespectful, please report it.)
nice coding. the only thing i wanted to know is if the user doesn't provide a key , then how have u generated the key to encrypt the data AND one more thing is that can i get some sample code if available just like this for public key encryption? (If this comment was disrespectful, please report it.)
I liked a lot this code. I wonder if someday someone will show us how to do 3DES. Someone wrote that we can call 3 times DES with different KEY but i don't think that is how 3DES is working. (If this comment was disrespectful, please report it.)
Fredrik, good code but it would be good to see more modern encryption. Could you post some code with encryption such as Serpent or MARS as I would find this very helpfull. Or could you at least point me in the right direction as I have searched many sites but found nothing.
(If this comment was disrespectful, please report it.)
Very nice to see someone willing to share code like this around... thank you...
One question though... it seems that the DES algorithm does not use an Initialization vector... Could someone kindly point me to how to add that into the algorithm. Thanks. (If this comment was disrespectful, please report it.)
I know it's a bit after the fact, but I think this is one of the best posts on PSC. I've used it in hundreds of applications. Thanks for posting this excellent code. (If this comment was disrespectful, please report it.)
how to make 3DES from this DES class file.. coz i have problem about "Incorrect size descriptor in DES decryption" .. please help me (If this comment was disrespectful, please report it.)
Well well well, seems I am going to make the first comment in this 2002 year! :) I will underline the perfectness of this code, its style, and that fact that Frederik Qvarfort is a great coder after all. One point for all people here: if you can, if you understand and if you arent lazy, use this code not only as a part of your application, but also as a basis for a future inventions and solutions - fix it, add into it, post result here and look at reaction of other "progressive humanity", the efforts are worth trying. (If this comment was disrespectful, please report it.)
Thanks for making this code available to us all. How easy would it be to store the original filename and encryption algorithm used in the resulting file, so that decrypting only requires input of the correct key. (If this comment was disrespectful, please report it.)
When using the DES code to perform triple-des I get the 'Incorrect Size descriptor ...' error. Can anyone help please. (If this comment was disrespectful, please report it.)
Thanx 4 letting this apps shareable..... I use thing as my reference 4 my final report as a collegge stu. It's neat...but the KEY (text1(3).text)doesn't work at all....D program works eventhought we did put any key words. I believe it's on the class module....right on the Private Property LetKey..... tried 2 debug it.... but failed (If this comment was disrespectful, please report it.)
Tripple DES is called Tripple DES because it has 48 rounds, instead of 16. (If this comment was disrespectful, please report it.)
11/16/2002 8:41:03 PM:
Dave, why do you ask for more "modern" algos like "Serpent or MARS?" Twofish was developed at the same time as serpent and mars, and was a competitor for the AES standard. Twofish was judged to be more secure than Rijndael (the current AES standard), but is slightly slower. It is far superior to both mars and serpent. Serpent is very secure, but super slow. The best two algos are Twofish and Rijndael (AES). Either one would take billions of years for the fastest super computer now available to break. Twofish has no weaknesses after 4 rounds! I don't know how good this vb implementation is (it's probably way slow, as most professionals use assembler routines for encryption), but one cannot ask for a better algo than twofish. (If this comment was disrespectful, please report it.)
Yes I agree those are the most secure for the speed. The others would also be interesting to have but not neccisary. (If this comment was disrespectful, please report it.)
This looks very nice, but can anyone tell me why, using blowfish (and the others), when I encrypt text multiple times, I get a different encrypted value. Shouldn't it always encrypt the same way?
I'm trying to find some encryption routines in VB that will encrypt the same way with the Blowfish routines I have in Java. Not having much luck though.
Thanks, David (If this comment was disrespectful, please report it.)
Yes, VB is very slow... even simple Feistel-based encryptiom algorithms sometimes take 3.5KB/second. But it is a commendable effort to code the highly complex (and secure) Twofish in Visual Basic! Congratulations to Mr Qvarfort! (If this comment was disrespectful, please report it.)
I love the collection, and will use it quite a bit. Side-note: Someone else on PSC has taken this, modified the interface only slightly, and posted it without crediting you. Were I you, I'd check into it.
Kudos to you! Excellent work! 5 stars from me!
(If this comment was disrespectful, please report it.)
Actually I don't care that much if anyone clones the code and doesn't credit me. Although I have updated the code to fix the bugs I won't upload it to PSC, instead I'll leave that for the people who download the code. (If this comment was disrespectful, please report it.)
DUDE! Mad Kudos to you for writing this. Geez...this must have taken weeks, even months to write. All I can say wow and excellent job. Keep up the outstanding work! (If this comment was disrespectful, please report it.)
Great Code Great Code Great Code, Now the question: I'm trying to store the hex value generated into a database field, what datatype on the database should I use?.. I used string at first but I do not know before hand the length of end result hex string. So I get an field size error when I try to store it. (If this comment was disrespectful, please report it.)
Nice work. I know the project is just to explain how to use the class objects, but for file encryption, you shouldn't load the entire file into one byte array (memory), especially if it is 4MB+. Instead, you should loop through the entire file, and encrypt it chunk by chunk. Anyway, thanks for the algorithms, they're much more secure than my own, 5 globes. :) (If this comment was disrespectful, please report it.)
These ciphers should be know by any wo puts it's first steps into cryptology. Good work, 5 globes from me! (If this comment was disrespectful, please report it.)
right no quotes.... I found an error in the blowfish class when you set the key more than once
Dim A As String, BF1 As New clsBlowFish, BF2 As New clsBlowFish: BF1.Key = ''asdf'': BF1.Key = ''asdf2'': BF2.Key = ''asdf2'': A = BF1.EncryptString(''asdf''): A = BF2.DecryptString(A): MsgBox A
the fix is easy: Public Property Let Key(New_Value As String) Class_Initialize <--- insert line (If this comment was disrespectful, please report it.)
4/7/2005 6:38:59 AM:
hi, Fredrik Qvarfort I am using your twofish encryption code and find that there is no problem in encrypting/decrypting a file. But when I try to encrypt/decrypt a string in the textbox, error occur when press the "decrypt" button. It said invalid array bound. I track down and find that it is because that in sub decryptbyte the value of cipherlen is far less than the value of origlen. Can you help me? Thanks a lot. (If this comment was disrespectful, please report it.)
In case someone comes along and sees David Trep's question (5/22/03) and wonders the same thing, don't feel bad. I had the same question until I realized that a good encryption routine should never encrypt the same data the same way twice. You just want it to decrypt it the same way every time ;) I figured this out a couple of years ago when I was trying to use the encryption results as a "constant". I nearly went insane because I knew very little about encryption. I was missing the point. The idea is that the encrypted data should be as undependable as possible. Make sure you don't use the encrypted results for anything but secure storage or transport. Always decrypt the info before using it in any way. (If this comment was disrespectful, please report it.)
Great code!!! Did anyone ever get 3DES to work without the "Incorrect size descriptor in DES decryption" error? (If this comment was disrespectful, please report it.)
Call Err.Raise(vbObjectError, , "Incorrect size descriptor in Blowfish decryption") (If this comment was disrespectful, please report it.)
Add Your Feedback
Your feedback will be posted below and an email sent to
the author. Please remember that the author was kind enough to
share this with you, so any criticisms must be stated politely, or they
will be deleted. (For feedback not related to this particular code, please
click here instead.)
By 77 Users
Download code
10/12/2000 12:05:19 PM: 
