# VBForums CodeBank > CodeBank - Visual Basic 6 and earlier >  VB - 128, 160 and 256 Bit File Encryption/Decryption with MD5, SHA1 and SHA256

## CVMichael

For those of you who think that hashing is used for one way encryption only, you need to learn how to think "outside of the box"

This project is using the well known MD5, SHA1 and SHA256 to encrypt and decrypt files. I came up with the algorithm myself sometime last year, and I'm using this type of encryption ever since.

I've spent weeks trying to make a good encryption algorithm, and this one is the final one, and the best. The encryption simply cannot be broken without the password, unless you have a super computer... then maybe you can.
Whoever knows about how difficult is to break hash encryption, well, this encryption is just as difficult to break because it's using the hash data to encrypt and decrypt.

Please mention my name when implementing this encryption/decryption in your programs... thank you  :Smilie:

----------


## Virus00110

I took notice that no one has posted anything about how great this program is.  I downloaded it and have played around with it and I am very impressed.  You did a great job.  Anybody that wants a great encrypt/decrypt program for files and free basically this one is it.  This is going to be the hotest code snippet in the codebank.  :Big Grin:

----------


## CVMichael

Thanks  :Big Grin:  I'm glad someone likes it  :Smilie: 

Just to point something out, this code is not optimized for speed; I programmed it the way it is now because I want people to understand it.  I made the code as simple as possible.  Once you understand how it works, i'm sure anyone can optimize it for speed.

----------


## Hawk

I agree with Virus00110.  I like it and especially at a time when I am looking into encryption.

I am just trying to understand your code CVMichael.

----------


## seec77

your encryption is really awesome! i just have one question... can i use this encryption to encrypt strings, and then decrypt strings, and if so, how?

----------


## CVMichael

There is only ONE way to do it... UNDERSTAND my code (the way the excryption works), then modify it to work for strings, or whatever you want...

----------


## seec77

yes, but i don't understand your code... i just want a simple encryption for a password to my program, is that so hard?

----------


## CVMichael

Then use this encryption:
VB - 31 Bit Encryption function

----------


## ae_jester

I am looking for an encryption (similar to the RndCrypt example in the previous post) that will still be capable of displaying the encrypted data in a text box after it has been encrypted.  All the examples I have found, including the one above, will not display properly in a textbox because of some weird control characters that are encountered.  Is there any thing out there that can do this????

Thanks in advance!

----------


## seec77

> _Originally posted by ae_jester_ 
> *I am looking for an encryption (similar to the RndCrypt example in the previous post) that will still be capable of displaying the encrypted data in a text box after it has been encrypted.  All the examples I have found, including the one above, will not display properly in a textbox because of some weird control characters that are encountered.  Is there any thing out there that can do this????
> 
> Thanks in advance!*


no such encryption
unless you want to do some special xor encrypt that only lets numbers be the ascii numbers of readable chars...
the best way is to perform a special mixing of the word...
like reverse the take the two right letters and mix em, stuff like that

----------


## DiGiTaIErRoR

> _Originally posted by ae_jester_ 
> *I am looking for an encryption (similar to the RndCrypt example in the previous post) that will still be capable of displaying the encrypted data in a text box after it has been encrypted.  All the examples I have found, including the one above, will not display properly in a textbox because of some weird control characters that are encountered.  Is there any thing out there that can do this????
> 
> Thanks in advance!*


You can use a RTB, although if the first character is null(that's what causes the problem), it won't work.

The better way is to convert to a different base, like hex. The the clipboard won't get screwy either....

----------


## MixMaster

Could anyone help me with regards to public and private key encryption? I have already started a thread here .

----------


## Strange_will

Whoa okay this is interesting... are the actual bits of your files encrypted... or is there a encrypted MD5 hash that is incoperated into the lock file, than the bits are encoded?


I'm confused because as far as I know our best mathematicians were trying to figure out if there was a way to beat a hash other than pure guessing and comparing....


I can understand using MD5 to encrypt a file and producing some kind of lock on it, but decoding MD5 to get the origional data should theoretically impossible because it isn't a complete picture of the file....


Plus it isn't just one hash is it... when I make hashs, no matter how long or short the password is.. it's bit length is always the same, but not the case with the encrypted files... so what is your program encrypting a bunch of hashes? And then it finds patterns that it knows how to look for or something to decrypt?


Hmm... It's an interesting concept... but it can't be a hash, because a hash... or at least the hashs I've dealt with are incomplete answers... you would loose data unless your program knew to look for patterns and replace the missing data....

----------


## CVMichael

Hi Strange_will, the thing is that i'm not encryption WITH the hash, i'm encrypting USING the hash output.

I looked for the last hour to find a specific link that explains well how my algorithm works, but I can't find it anymore. It's always like this, when you need something you can't find it...

Anyways...  I'll try to explain it myself.
I tried to explain this a long time ago, when I had the idea, but I was not very successfull as you can see in this thread: http://www.vbforums.com/showthread.php?t=206386

Hopefully this time I'll make more sence.

First the basics.
I'll use 128 Bit encryption to explain this.

In almost any encryption, you XOR the data you want to encrypt with some kind of password. But in this case I use the HASH as a password.
The hash output has 16 bytes. That means that i can use that 16 bytes to XOR byte by byte with the string I want to encrypt, and voala, I have an encrypted result.

So first, I take the password, lets say the password is "password", then I hash it, and I get "5f4dcc3b5aa765d61d8327deb882cf99" (that's in hex, but i'm using the raw data).
Then I take the first byte of the hash, and XOR it with the first byte of the string I want to encrypt, the result is the encrypted byte. Then I take the second byte, and so on, for the rest of 16 bytes. When done I repeat the process, but I start at byte 1 in the hash, and byte 17 in the string I want to encrypt. And so on until all data in encrypted.

That is the basic stuff... now one step further:
The hash has 16 bytes output, and the nice thing about it, is that if you change ONE character, any character, the hash output will be complectly diferent.

If you have the password "password", and you add a number to it "password1", the hash output will be complectly different, then you increment the number, and another diferent output, and so on...

What you get is a hash that is is as long as the string you want to encrypt.

Using the first password: "password1", you encrypt ONLY the first 16 bytes of the string, then you increment, and you get a different hash using password "password2", and you hash from 17'th byte to 32, and so on...

This is exactly how my encryption in the first post works.
This is a diagram on how it's done (I'm not very good at diagrams by the way)


So the idea is that the hash output is used only once, then for the next 16 bytes, you make a new hash, and so on, making the encryption IMPOSSIBLE to crack.
Let's say it takes a day to crack one hash, so... you found 16 bytes... what can you do with 16 decrypted bytes ? nothing... then you have to break the next 16 bytes... another day...  and so on... it will take an eternety to decrypt the whole file if you use brute force even with the fastest computer in the world...

But of course you don't have to stop at making passwords by appending an incrementing number to the password, you could do something like:

VB Code:
new_password = password & CStr(Cos(index) + Tan(index))
Imagine cracking a password/hash where the numbers change like that ?

----------


## Strange_will

Oh oh oh I see, wow okay thats pretty awsome... I had a friend message me saying 'hah you said hash's wern't decryptable' okay I understand now thats really cool...


I usually so cos and sin because tan has a asemtope and even though I'd probably never hit it... I'm paranoid  :Stick Out Tongue: 

Then I use mids to cut a piece out, that piece is basically my hashed password... so to work backwards is impossible, because you only have a piece of the password answer... instead of the full password... 

Thats what I thought you were decrypting from what my friend was saying, but seeing how you did it I'm really impressed....

----------


## nkad

I hope you realise though, that it is by no means "secure". Based on your diagram, I can tell you right now, that It could be cracked in a matter of hours.

Pleae don't take that the wrong way, and don't get discuraged either. I think you are on a great start to learning more about the intimate details of encryption techniques!

Keep up the good work!

PS. If you want me to point out the flaws in your design, i'd be glad to do so, but I thought I'd better ask for your permission first.

----------


## Strange_will

> I hope you realise though, that it is by no means "secure". Based on your diagram, I can tell you right now, that It could be cracked in a matter of hours.
> 
> Pleae don't take that the wrong way, and don't get discuraged either. I think you are on a great start to learning more about the intimate details of encryption techniques!
> 
> Keep up the good work!
> 
> PS. If you want me to point out the flaws in your design, i'd be glad to do so, but I thought I'd better ask for your permission first.


I think it's just a simple diagram, he can switch it around, encode it more, it's just the basic picture to tell me how it works... I mean really nothing is 100% secure...  :Stick Out Tongue:

----------


## techgnome

> I hope you realise though, that it is by no means "secure". Based on your diagram, I can tell you right now, that It could be cracked in a matter of hours.
> 
> Pleae don't take that the wrong way, and don't get discuraged either. I think you are on a great start to learning more about the intimate details of encryption techniques!
> 
> Keep up the good work!
> 
> PS. If you want me to point out the flaws in your design, i'd be glad to do so, but I thought I'd better ask for your permission first.


Generaly speaking, yes, once you know how the algorithm works, it's easier to undo it. But it's when you DON'T know the encryption that it becomes harder to figure out.

For extreme simplicity, let's say the answer is 3. But what was the question? 1 + 2? 6/ 2? 3 * 1?  4 - 1? It's not known how the result was derived. But if I mention that an additive methodology was used, well, it becomes a no brainer that 2 + 1 is the source. (We'll ignore the use of negatives since -1 + 4 is just as valid).

So, yeah, once you know the paths taken, it's easy (comparatively) to work out the origination. The idea is to not let it be known what method was used nor how it works.

Tg

----------


## nkad

Yeah, I know, the encryption key sticks out like a sore thumb though, that was one of my points.

----------


## CVMichael

> PS. If you want me to point out the flaws in your design, i'd be glad to do so, but I thought I'd better ask for your permission first.


Please enlighten me...

----------


## techgnome

It does? How so? It's not like the key is hard coded.  

TG

----------


## nkad

I miss understood the way you made the key. Not a bad idea either, not pretty, but not bad.

One of the problems is that, even though your key is random, you only make one pass with xor. When you go to xor your key with the plain text, it will cause the key itself it stick out, making it susceptible to an attack. You could perform a frequency analysis of the cipher text and make some educated guesses of what the message is.

----------


## techgnome

Not really.... the key rolls every so many bytes..... Let's assume you can figure out the key for the first 16 bytes and are able to get it into clear text again. Again, assume you don't know the algorithm, but were able to brute force it using the frequency analysis and other methods. OK, so now you know the first 16 bytes, but if you attempt to apply that same key to the remainder of the ecrypted text, you'll get complete gibberish.... because the key rolled over to a new hash value. 

Tg

----------


## nkad

I know.

Anyway, I won't drag this discussion out any further..

----------


## CVMichael

> When you go to xor your key with the plain text, it will cause the key itself it stick out, making it susceptible to an attack. You could perform a frequency analysis of the cipher text and make some educated guesses of what the message is.


Every key is used only ONCE... you can't do any type of analysis for that...

And also, keep in mind, that the key does not have to be created with in incremented number, as I was saying before you could have something like:

VB Code:
new_password = password & CStr(Cos(index) + Tan(index))
Or

VB Code:
Rnd -1 '  init
Randomize 12312 ' some number
 ' for every iteration
new_password = password & Rnd
Kind of like a combination of my VB - 31 Bit Encryption function and this one...

ALSO... something that I did not mention before...
You could have a recursive key (i.e. Current key = previous key + current password)

How you get the key is up to your imagination, that's where you make your encryption unique...

----------


## Strange_will

Whoa whoa, new key for every set of bits? Wow that is pretty awsome... hahaha and evil  :Wink: 

Yes anything is not 100% secure.... but it would take way longer to crack it than it took this guy to make it...  :Stick Out Tongue:

----------


## KuJi

Hey, does anyone think they can convert this into a program so that it will get the windows key, encrypt it?

I need it to make a login for my program...so it cant be stolen.

----------


## CVMichael

> Hey, does anyone think they can convert this into a program so that it will get the windows key, encrypt it?
> 
> I need it to make a login for my program...so it cant be stolen.


Your question is not very clear.

Please post in the Classic Visual Basic forum, because appart that your question is about encryption, it has nothing to do with my program. You don't need my program for what you what to do (from as much as i can understand from your question).
You can secure a password using hashing ONLY (one way encryption), you don't need 2 way encryption for a login.
Anyways, please post this question in the general forum (the link above).

----------


## CVMichael

I finally found the link I was talking about in post #14
http://www.cs.rit.edu/~ark/lectures/...ewayhash.shtml

If you look at the bottom of that page, you will see that there's a diagram simmilar to mine on how to do encryption and decryption with hash.

----------

