Converting from TurboPower LockBox

#31327
Posted: 11/05/2014 06:33:09
by Rickard Hultgren (Standard support level)
Joined: 10/11/2013
Posts: 17

We have some encryption done with TP LockBox, that we would like to convert using SBB. But I am a bit lost where to begin.

Could you give me some hint on how to replace a function like this?

Code
function CryptAStr(const AStr, AKey: string): string;
var
  FKey: TKey128;
begin
  GenerateMD5KeyW(FKey, AKey);
  RDLEncryptStringCBCW(AStr, Result, FKey, SizeOf(FKey), True);
end;
#31328
Posted: 11/05/2014 06:53:16
by Eugene Mayevski (EldoS Corp.)

Thank you for contacting us.

Do you need a function with similar functionality or a function with identical result?


Sincerely yours
Eugene Mayevski
#31329
Posted: 11/05/2014 06:55:50
by Rickard Hultgren (Standard support level)
Joined: 10/11/2013
Posts: 17

Identical result, to be able to encrypt/decrypt existing data.
Thanks a lot!
#31340
Posted: 11/05/2014 07:47:01
by Eugene Mayevski (EldoS Corp.)

Vsevolod will make a sample for you; meanwhile, I'd like to note that the scheme I see doesn't seem to be secure. Nowadays nobody uses MD5 to derive the key from the password (this can be hacked quite easily). Key Derivation Functions are used instead (SecureBlackbox supports BCrypt and PBKDF2 functions).


Sincerely yours
Eugene Mayevski
#31341
Posted: 11/05/2014 07:57:21
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

Eugene, but I can add some secret INFO to the password, make a string, and make an MD5 hash from that string. Why should this not be secure? You cannot calculate the string from MD5 backwards. Thanks
#31343
Posted: 11/05/2014 08:46:11
by Eugene Mayevski (EldoS Corp.)

Use of hash algorithms in a straightforward way allows easy brute-force attack, and the salt doesn't matter much here - salt helps mainly against dictionary attacks. KDF functions make key derivation much slower, thus making brute-force attacks much less effective (and much slower). Also rainbow tables can't be used then (or their use is limited).

I think that if you search security.stackexchange.com you will find similar questions discussed with specialists all the time there.


Sincerely yours
Eugene Mayevski
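
Added example, not part of the original thread and not EldoS or LockBox code: it uses Python's standard hashlib (not SecureBlackbox) to illustrate the point in the post above, that a fixed secret mixed into a single MD5 pass still costs one hash per password guess, while PBKDF2 with a per-record salt makes each guess deliberately expensive. The password, secret, iteration count and text encoding are constructed assumptions, and md5_key is not claimed to be byte-compatible with LockBox's GenerateMD5KeyW.

```python
import hashlib
import os
import time

# Constructed sample values; nothing here comes from the thread's real data.
PASSWORD = "correct horse"
APP_SECRET = "fixed-app-secret"   # the "secret INFO" idea: a constant mixed in
ITERATIONS = 200_000              # assumed work factor; tune for your hardware


def md5_key(password, secret=""):
    """One MD5 pass -> 128-bit key. The text encoding is an assumption."""
    return hashlib.md5((secret + password).encode("utf-8")).digest()


def kdf_key(password, salt, iterations=ITERATIONS):
    """PBKDF2-HMAC-SHA256 -> 128-bit key, salted and deliberately slow."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=16)


def new_params():
    """Public parameters stored beside the ciphertext; the key is never stored."""
    return {"salt": os.urandom(16), "iterations": ITERATIONS}


def rederive(password, params):
    """Either side rebuilds the key from the password plus stored parameters."""
    return kdf_key(password, params["salt"], params["iterations"])


def seconds_per_guess(fn, rounds):
    """Average wall-clock cost of one derivation, i.e. one password guess."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds


def cost_ratio():
    """How many times costlier one PBKDF2 guess is than one MD5 guess."""
    params = new_params()
    fast = seconds_per_guess(lambda: md5_key(PASSWORD, APP_SECRET), 20_000)
    slow = seconds_per_guess(lambda: rederive(PASSWORD, params), 3)
    return slow / fast


if __name__ == "__main__":
    print(f"one PBKDF2 guess costs ~{cost_ratio():,.0f}x one MD5 guess")
```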
#31344
Posted: 11/05/2014 08:47:52
by Vsevolod Ievgiienko (EldoS Corp.)

RDLEncryptStringCBCW function uses CBC padding mode that is not currently supported by SecureBlackbox. We'll consider implementing it until the next build.
#35674
Posted: 01/25/2016 05:49:03
by Dan Olsson (Standard support level)
Joined: 01/25/2016
Posts: 5

Quote
Vsevolod Ievgiienko wrote:
RDLEncryptStringCBCW function uses CBC padding mode that is not currently supported by SecureBlackbox. We'll consider implementing it until the next build.


Hello!
I'm just wondering if this is implemented?
If implemented, is it possible to get a Delphi/VCL demo sample application with the code or a hint on which functions to use to get the desired result?

Best regards
//Dan
#35675
Posted: 01/25/2016 06:00:16
by Eugene Mayevski (EldoS Corp.)

Dan, this mode should be supported according to our history of changes.

I’ve noticed there is no Support Access Ticket linked to your user account on EldoS site. Technical Support is provided to customers with the linked Support Access Ticket. You will find your Support Access Ticket together with all the details about how to use it in the registration e-mail that we’ve sent to you upon the purchase.

If you are evaluating the product and don't have a license yet, please let us know and then you can have support according to Basic support level. Basic support level includes answering basic technical questions that appear during product evaluation period. We also offer Premium support for a purchase from https://www.eldos.com/support/calc.php . You can use Premium Support to get higher level of assistance during your evaluation of our products.


Sincerely yours
Eugene Mayevski
#35678
Posted: 01/25/2016 07:41:39
by Dan Olsson (Standard support level)
Joined: 01/25/2016
Posts: 5

Quote
Eugene Mayevski wrote:
Dan, this mode should be supported according to our history of changes.

I’ve noticed there is no Support Access Ticket linked to your user account on EldoS site. Technical Support is provided to customers with the linked Support Access Ticket. You will find your Support Access Ticket together with all the details about how to use it in the registration e-mail that we’ve sent to you upon the purchase.

If you are evaluating the product and don't have a license yet, please let us know and then you can have support according to Basic support level. Basic support level includes answering basic technical questions that appear during product evaluation period. We also offer Premium support for a purchase from https://www.eldos.com/support/calc.php . You can use Premium Support to get higher level of assistance during your evaluation of our products.



Hello Eugene

We have a Company Vendor License (Almasoft AB)

Is that the number I'm supposed to register on my account, or is my administrator supposed to do it?

Best regards
//Dan

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
