security

The following are demo versions or proofs of concept of the ideas outlined in a number of my scripts and projects contained within this site.

All of these web applications will be made Open Source during 2010 and the source code will be made available on this site, in addition to which a forum will be established for the exchange of ideas in support of future enhancements to these projects either by myself or the Open Source community at large.

Stay tuned for this release!

1). Multi or Two Factor Authentication Demo
This solution provides a web-based two-factor or multi-factor (something you know plus something you have) proof of concept using a very low-tech solution much stronger than the traditional token-based variants. Further details are available on the demo site.

2). Dinofile - Secure File Server
This solution provides a web-based secure file transfer and storage system where files are transmitted over SSL and stored in an encrypted (256-bit AES) format on a non web accessible partition.

3). Ad Serving Solution
This solution provides for an Advertisement Serving solution similar in operation to that provided by the largest online agencies.

When performing file compression most people instinctively refer to WinZip. Beginning with Microsoft Windows ME (who can forget that quality release!), the Windows Operating System included their own tool for file compression.

While these along with many others provide a means to an end they are all limited in one particular way or another. Enter 7-Zip!

While I myself have only been using 7-Zip for the past 2 to 3 years it has none the less been around since the latter part of 2001.

What now follows is an example of how to use the Mcrypt encryption function that is part of the PHP scripting language. In order to use Mcrypt with PHP you will need to include the mcrypt library files by editing the php.ini file accordingly.

If you need a primer in what the Mcrypt function is capable of performing I suggest you check out http://us.php.net/manual/en/book.mcrypt.php as I will only be providing an example on how to use the encryption and decryption functionality.

The encryption function used is simply called - mcrypt_encrypt
The decryption function used is simply called - mcrypt_decrypt

Here's an example PHP script that performs both the encryption and decryption function in the same script so you can see it at work.


<?php
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$key = hash ("md5", "It's all just apples and oranges.");
$text = "The quick brown fox jumps over the lazy dog.";
echo "<p><b>Initialization Vector Size = </b>" .$iv_size." characters</p&gt";
echo "<p><b>Initialization Vector = </b>" .$iv ."</p>";
echo "<p><b>KEY (Password Used after MD5 Hash) = </b>" .$key. "</p>";
echo "<p><b>Plain Text String Length = </b>" .strlen($text) . " characters</p>";
echo "<p><b><u>Plain Text = </u></b><font color='blue'>" .$text."</font></p>";
$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC, $iv);
echo "<p><b>Encrypted Text String Length = </b>".strlen($crypttext) . " characters</p>";
echo "<p><b><u>Encrypted Text = </u></b><font color='red'>".$crypttext ."</font></p>";
echo "<i>The Mcrypt_decrypt function pads out the RETURN STRING (decrypttext) with null characters '\0' to pad to the same block size as (crypttext), which is in this case 64 characters in length.</i><br>";
$decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $crypttext, MCRYPT_MODE_CBC, $iv);
$decrypted = rtrim($decrypttext, "\0");
echo "<p><b>Decrypted Text (decrypttext) = </b>" .$decrypttext . " - <i>With the nulls used to pad still present. These need to be trimmed off.</i></p>";
echo "<p><b>Decrypted Text (decrypttext) = </b>" .$decrypted . " - <i>With the nulls used to pad out the blocksize of the encrypted text removed.</i></p>";
?>


And here is the what the script returns:

Initialization Vector Size = 32 characters

Initialization Vector = $pÍ£Ûö¹Ôe¤º¨yr ízkO½Z6¨“szö

KEY (Password Used after MD5 Hash) = c54dcf123bf2548c7cdb862ef36e87e0

Plain Text String Length = 44 characters

Plain Text = The quick brown fox jumps over the lazy dog.

Encrypted Text String Length = 64 characters

Encrypted Text = ٍPKàoB,ãU0šÎmÑç{ÛîêPnëkèu¸–…ê`~ì÷Ni‡dݝ¹!ò×V@ˆKWH„õ„Ò
The Mcrypt_decrypt function pads out the RETURN STRING (decrypttext) with null characters '�' to pad to the same block size as (crypttext), which is in this case 64 characters in length.

Decrypted Text (decrypttext) = The quick brown fox jumps over the lazy dog.�������������������� - With the nulls used to pad still present. These need to be trimmed off.

Decrypted Text (decrypttext) = The quick brown fox jumps over the lazy dog. - With the nulls used to pad out the blocksize of the encrypted text removed.

As you step through the script (top) compare the output above for a self explanatory view of the results of each line. A basic understanding of PHP should be all that is required to grasp what is happening here.

Enjoy!

Quite some time ago I published on another site (http://www.teqhead.com) a flash-based tutorial on how to use TrueCrypt, the FREE open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux.

While the version I based the how-to on is a few releases behind now, the principle and the general functionality all remain the same.

You can choose to view on line by going to the following link: http://www.poscribes.com/files/truecrypt.swf

Or you can choose to download the external application for viewing in your own time, at the bottom of this post or here.

Enjoy!

Dave

This is a placeholder for the upcoming Multi-Factor Authentication Project.