Who broke the SHA1 Algorithm?

Bookmarks: 

Thursday, March 02, 2017

SHA-1 is a hash function developed by NSA and standardized by NIST in 1994. It is implemented in many Internet protocols using cryptographic primitives, such as TLS. Last week the CWI Institute in Amsterdam and Google announced the first practical collision for SHA-1, meaning that they actually generated two files with the same cryptographic hash, something that should never happen with a hash function because collisions can be used to forge false messages in fraudulent activities.

TMS Software has been conservative with cryptographic algorithms and, while offering a wide variety of primitives in its comprehensive TMS Cryptography Pack, is committed to only supporting robust and secure algorithms. Therefore TMS Cryptography Pack never implemented deprecated algorithms such as SHA-1, MD5 or DES, but rather provides the Delphi and C++ Builder communities with the latest standards such as the AES, strong RSA, Elliptic Curve Cryptography, the SHA2 and SHA3 families and ARGON2 for key derivation and many other useful features packaged and ready to use for developers in all types of multi-platform applications.

TMS Cryptography Pack implements all these algorithms except SHA-1 and MD5

Presentation of TMS Cryptography Pack at Bordeaux and Nantes

Barnsten in organizing 2 free events in March:
Bernard Roussely from TMS Software will be presenting a client server demo showing how to generate a certificate, register to a Linux server that maintains a database of certs and then how to authenticate exchanges between clients with the server acting as a trust authority in the middle. If you are around and want to learn more about cryptography in general and TMS Cryptography Pack, register for one of these free events!

Nancy Lescouhier


Bookmarks: 

This blog post has not received any comments yet. Add a comment.



TEncryptedIniFile: easy to use class for handling app settings with encryption

Bookmarks: 

Thursday, November 10, 2016

What's wrong with the KIS principle to store application settings in an INI file? The risk that someone is tampering with the INI file is an often heard reason for not using them. Not being able to store private or secret information another one.
Both issues are solved with the introduced TEncryptedIniFile class. It descends from TMemIniFile and is as such a drop-in replacement and will deal only in app memory with decrypted data. In the file itself, the data is at all times encrypted. To build TEncryptedIniFile, we internally use AES 256bit encryption offered by the TAESEncryption class in TMS Cryptography Pack.

The code to use TEncryptedIniFile becomes something like:
const
  aeskey = 'anijd54dee1c3e87e1de1d6e4d4e1de3';
var
  mi: TEncryptedIniFile;
begin
  try
    mi := TEncryptedIniFile.Create('.settings.cfg', aeskey);
    try
      FTPUserNameEdit.Text := mi.ReadString('FTP','USER','');
      FTPPasswordNameEdit.Text := mi.ReadString('FTP','PWD','');
      FTPPortSpin.Value := mi.ReadInteger('FTP','PORT',21);
      mi.WriteDateTime('SETTINGS','LASTUSE',Now);
      mi.UpdateFile;
   finally
      mi.Free;
   end;
  except
    ShowMessage('Error in encrypted file. Someone tampered with the file?');
  end;
end;
Of course, the weakness now is that the AES key is in the EXE file and as such, it won't stop seasoned hackers to extract it from the EXE and use it directly to decrypt/encrypt the settings file and tamper with it this way. Extra steps could be taken to use an AES key that is a combination of a unique machine ID and a part that is encrypted with a Ed25519 generated public key and decrypt the encrypted part of the AES key on the fly in the app with the Ed25519 private key and then use it in combination with the machine ID to encrypt/decrypt the INI file. That should make the effort to hack the settings file already a lot more difficult.

To start using this TEncryptedIniFile you can get TMS Cryptography Pack and you can download the TEncryptedIniFile class source here.


Bruno Fierens


Bookmarks: 

This blog post has not received any comments yet. Add a comment.



New cryptography solutions from TMS software in partnership with Cyberens

Bookmarks: 

Monday, June 20, 2016

In the past couple of months, TMS software formed a partnership with the company Cyberens with the goal to jointly develop cryptography solutions for Delphi, C++, C users. With this partnership, Bernard Roussely and Marion Candau from Cyberens bring in the high expertise in cryptography algorithms with the expertise of TMS software to bring this in intuitive and easy to use classes for Delphi and C++Builder users. Bernard Roussely and Marion Candau have years of experience with cryptography, developed cryptography based solutions for various high-profile security projects in companies and governments and have completed all the administrative work to satisfy EU export control requirements.

The first result coming forth out of this partnership is the TMS Cryptography Pack. This is a bundle of advanced and up-to-date cryptography algorithms such as AES, SPECK, SALSA20, ECIES encryption, SHA2 and SHA3 hash generation, RSA, EdDSA signing ...



You can discover the TMS Cryptography Pack here and download a fully functional trial version for Delphi XE2 to Delphi 10.1 Berlin.

We're excited to work together with Bernard Roussely & Marion Candau to build out a strong line of cryptography based solutions for software developers in the coming years and we're eager to learn about your needs, comments, wishes in this area.

Bruno Fierens


Bookmarks: 

This blog post has received 6 comments. Add a comment.




Previous  |  Next  |  Index