StringEncryption.java
Copyright 2000, 2001 Jcorporate Ltd.
This class provides basic string encryption. It'll provide the services of
password whitening and automatic selection of encryption.
Known Vulnerabilities. The actual whitened password remains in memory for
performance sake. An attacker may find the actual password by looking at swap
files looking for Base64 encoded strings. (Not too hard to grep out) but it
requires an attacker to gain access to the swap partition of the server. Do not
use this class for a personal encryption program.
Byte Array Format Information:
An encrypted string has the following format:
Byte 0: File Version Number(whole number only)
Bytes 1-6: 3 character desgination for the encryption mode used. UTF-16 BE
Bytes 7-14/22: The 8/16 byte random input vector to the encrypted system.
Bytes 15+/23++ : The Actual Encrypted Data
author: Michael Rimov |