Windows – The Universal Code Breaker

by Alexandru Lungu 17. February 2011 23:47


Because both the system's privacy and the security of digital money depend on encryption, a breakthrough in mathematics or computer science that defeats the cryptographic system could be a disaster. The obvious mathematical breakthrough would be the development of an easy way to factor large prime numbers# (Bill Gates, The Road Ahead, 1995)

Actually, there is no need for breakthroughs; Bill Gates/Microsoft can “defeat the cryptographic system” by themselves with the simple formula:

+ Distributed computing = No cryptographic system##


Almost 90% of the world’s computers have a Windows version installed (which is more than ONE BILLION computers). All of these individual machines can be guided to a common goal by distributed computing implemented in Windows (which isn’t a hard thing to do).

And this can actually be done without you knowing, because Windows is not a common application; it is an operating system (a closed-source operating system), and what it does inside is out of your reach.

Moreover, this extends to updates as well; 99.99% of Windows users have no idea what every update is supposed to do, and those who do have no certainty that the update is exactly what Microsoft says it is.

So, Microsoft has the possibility to harness the power of almost all the computers in the world. 

Does it do it? And if it does, what for?


# To factor prime numbers is trivial (no matter how small or large they are). Gates probably meant to factor the product of large prime numbers (which is used in asymmetric cryptographic algorithms).

## I expressed the same idea more than five years ago on my previous blog in a post called “The” Code Breaker. I considered it time to reiterate the idea after reading this article: Debate Over Internet Backdoors Heats Up in Congress and in Court.




Cryptography Helper

by Alexandru Lungu 18. December 2010 18:29


Contains more than 50 extensions to Stream, byte[] and string that help to encrypt/decrypt using symmetric and asymmetric algorithms and to compute hashes.

The most common situation is that the entire application uses the same algorithm and password to encrypt/decrypt, or the same hashing algorithm and the same salt. In that case just set DefaultSymmetricCryptoServiceProvider (any crypto service provider derived from SymmetricAlgorithm), DefaultRsaCryptoServiceProvider and DefaultHashSalt on the CryptoHelper class, and these will be used when you call the extension methods without specifying the algorithm, salt, password, etc., like this:

encrypted = data.Encrypt();
decrypted = encrypted.Decrypt();

Otherwise you can use it like this:

string key = RandomPassword.Generate(32);
encrypted = data.Encrypt(key);
decrypted = encrypted.Decrypt(key);

Or like this:

string key = RandomPassword.Generate(32);
AesCryptoServiceProvider service = new AesCryptoServiceProvider();
service.KeySize = 256;
service.Key = Encoding.UTF8.GetBytes(key);

encrypted = data.Encrypt(service);
decrypted = encrypted.Decrypt(service);

data, encrypted and decrypted can be string, byte[] or Stream.

RSA works similarly (but using RsaEncrypt/RsaDecrypt).

Protect/Unprotect use the current user's credentials to encrypt/decrypt, so decryption won’t work outside the user context that did the encryption.

And for hash:

hash = data.ComputeHash(HashType.SHA512, "MySalt");

Everything should be straightforward to use; there is also good documentation.

ALungu.Security.dll (13.50 kb)
ALungu.Security.chm (217.15 kb)
ALungu.Security.zip (source code) (161.53 kb)




How to Get the AES Encryption Key from a RSA+AES Encrypted XML

by Alexandru Lungu 21. November 2010 08:20

The scenario: the sender encrypts the xml using the AES symmetric algorithm, and the key used by this algorithm is encrypted with the RSA public key of the receiver. When the receiver gets the document, it uses its RSA private key to decrypt the AES key and then decrypts the xml with that key. All of this is made very easy by the goodies in System.Security.Cryptography.Xml and the numerous MSDN examples.

However, there are no examples of how to get the AES key. This is done internally and automatically when invoking DecryptDocument of the EncryptedXml class, probably because most of the time you don’t care about that key.

But there are times when getting that key can be very useful. For example, you can use it to encrypt the response message, which avoids the need for the original sender to have an RSA private/public key pair as well; or you can add it to a banned list of passwords so as not to accept another message encrypted with an already used password, etc.

using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

/// <summary>
/// Gets the AES encryption key from a RSA+AES encrypted xml.
/// </summary>
/// <param name="xmlDoc">The xml document sent by the sender (encrypted).</param>
/// <param name="rsa">The RSACryptoServiceProvider (contains the private key of the receiver) which will be used to decrypt the key with the name "keyName".</param>
/// <param name="keyName">The name of the key.</param>
/// <returns>The AES key as a byte array, or null if there is no encrypted node or no key could be retrieved.</returns>
public static byte[] GetAesKey(XmlDocument xmlDoc, RSACryptoServiceProvider rsa, string keyName)
{
    // Treat the xmlDoc as encrypted xml.
    EncryptedXml encryptedXml = new EncryptedXml(xmlDoc);
    // Link the name of the key we want to get to the algorithm used to decrypt it.
    encryptedXml.AddKeyNameMapping(keyName, rsa);

    // Find the encrypted node.
    XmlNodeList encryptedElements = xmlDoc.GetElementsByTagName("EncryptedData");
    if (encryptedElements.Count == 0)
        return null;
    XmlElement encryptedElement = (XmlElement)encryptedElements[0];

    // Load the encrypted node; without this call eData.EncryptionMethod stays null.
    EncryptedData eData = new EncryptedData();
    eData.LoadXml(encryptedElement);

    // Finally, get the key.
    SymmetricAlgorithm aes = encryptedXml.GetDecryptionKey(eData, eData.EncryptionMethod.KeyAlgorithm);
    return aes == null ? null : aes.Key;
}

Note: Some MSDN examples for encrypting and decrypting contain bugs (example here). If you use that code, decryption fails with “Unable to retrieve the decryption key”. This is because the encryption key never goes into the encrypted xml: the statement “edElement.KeyInfo = new KeyInfo();” in the Encrypt method overwrites the key. Move it before the previous statement or just delete it (it is already initialized in the constructor).
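The scenario above end to end, as an added example that is not the author's code: the sender wraps an AES-256 session key with RSA-OAEP and fills KeyInfo once without reassigning it, and the receiver recovers the key, records its SHA-256 fingerprint in a set of used keys and refuses a second message encrypted with the same key. The names Send, Receive, usedKeys and receiverKey are hypothetical, the XML is constructed, and the code assumes .NET 6 or later with the System.Security.Cryptography.Xml package.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Hypothetical names and constructed sample data throughout.
HashSet<string> usedKeys = new HashSet<string>();   // SHA-256 of session keys already seen
XmlDocument doc = new XmlDocument();
doc.LoadXml("<msg><secret>constructed sample</secret></msg>");
using RSA rsa = RSA.Create(2048);
Send(doc, "secret", rsa, "receiverKey");
XmlDocument replay = (XmlDocument)doc.Clone();   // the same message delivered a second time
Console.WriteLine("first delivery accepted: " + Receive(doc, rsa, "receiverKey"));
Console.WriteLine(doc.OuterXml);
Console.WriteLine("replay accepted: " + Receive(replay, rsa, "receiverKey"));

// Sender: an AES-256 session key encrypts the element, RSA-OAEP wraps that key.
void Send(XmlDocument xml, string tag, RSA receiverPublic, string keyName)
{
    XmlElement target = (XmlElement)xml.GetElementsByTagName(tag)[0];
    using Aes session = Aes.Create();
    session.KeySize = 256;
    EncryptedKey ek = new EncryptedKey();
    ek.CipherData = new CipherData(EncryptedXml.EncryptKey(session.Key, receiverPublic, true));
    ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl);
    ek.KeyInfo.AddClause(new KeyInfoName(keyName));
    EncryptedData ed = new EncryptedData { Type = EncryptedXml.XmlEncElementUrl };
    ed.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
    ed.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));   // never assign a new KeyInfo after this
    ed.CipherData.CipherValue = new EncryptedXml().EncryptData(target, session, false);
    EncryptedXml.ReplaceElement(target, ed, false);
}

// Receiver: recover the session key, refuse one seen before, otherwise decrypt in place.
bool Receive(XmlDocument xml, RSA receiverPrivate, string keyName)
{
    EncryptedXml exml = new EncryptedXml(xml);
    exml.AddKeyNameMapping(keyName, receiverPrivate);
    XmlElement node = (XmlElement)xml.GetElementsByTagName("EncryptedData")[0];
    EncryptedData ed = new EncryptedData();
    ed.LoadXml(node);
    using SymmetricAlgorithm aes = exml.GetDecryptionKey(ed, ed.EncryptionMethod.KeyAlgorithm);
    if (aes == null) throw new CryptographicException("Unable to retrieve the decryption key.");
    using SHA256 sha = SHA256.Create();
    if (!usedKeys.Add(Convert.ToBase64String(sha.ComputeHash(aes.Key)))) return false;
    exml.ReplaceData(node, exml.DecryptData(ed, aes));
    return true;
}
```

Storing a fingerprint rather than the key itself keeps the ban list from becoming a store of usable decryption keys.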


