Re: Using CryptoStream



On Fri, 05 Dec 2008 02:10:12 -0800, Peter Morris <mrpmorrisNO@xxxxxxxxxxxxx> wrote:

You said:
As far as I know, the only reliable way to know for sure that a file has been encrypted is to try to decrypt it.

I said:

True, but it would be better if it didn't even try to decrypt it if it can't possibly be encrypted (because the signature isn't there), it's faster.

So I was merely saying that a good additional thing to do is to sign the start of the file so that
A: You know it has already been encrypted
B: You don't bother spending time trying to decrypt something that cannot possibly be encrypted

What's the difference? Either way you have to look at something in the stream. The "time spent" trying to decrypt something that could be known to not be encrypted some other way is hardly a problem. As soon as the decrypted stream can be recognized as invalid, you're done.

The main difference is that you have to do this verification anyway, so the work to implement the code is already done, whereas adding a signature just adds to the code you have to include.

Are you the original poster?

I think you know I am not, on account we have different names and different IP addresses.

You are wrong about what I know and don't know. Several people that use this newsgroup post under a variety of email addresses. It's unfortunate, but it does happen. I can't keep track of who uses different aliases, and usually it doesn't matter.

When it does matter, it's simple enough to ask. Assuming the person is willing to answer the simple question simply, rather than making false claims about what I do or do not know.

If so, you're making conflicting statements. The original post said you are trying to avoid _encrypting_ something that's already been encrypted. If you're not the original poster, then it seems to me that your replies (which seem to imply that you are the OP) are confusing the issue.

Actually it was you who mentioned decrypting. I only said that the OP should consider attaching a signature to the front of the file in order to sign it.

I mentioned decrypting as the only reliable way to know whether you can avoid _encrypting_ something. Even if you can rely on the signature to know that you don't need to _decrypt_ something, that's not the same thing. Specifically, someone trying to prevent encryption could add a false signature to make it look like something's been encrypted when it hasn't been.

You have changed the problem description to a completely different problem: to know whether you can _decrypt_ the stream. That's not what the OP asked about, and by addressing the wrong problem, you are confusing the issue.

So if you think the thread started to diverge too much or conflict as a result of switching from encrypting to decrypting I think you need to find a mirror before casting an accusing finger :-D

Decrypting the stream is the only reliable way to know whether it's actually been encrypted or not. It's why I brought it up, and it's not what's causing the thread to diverge. My comments were focused on addressing the OP's question, while yours addressed a completely different question.

[...]
You are implying my approach is wrong, that really isn't very polite of you.

Huh? I'm _saying_ that your approach is wrong, no implying about it. And while I disagree that merely stating something as wrong is in and of itself impolite, if that's how you feel you're just going to have to deal with it. I don't get a bee in my bonnet when I've said something wrong and someone's pointed it out, not even when it was you that pointed it out.

You suggested decrypting it was the only accurate way of determining whether or not the file is already encrypted.

It is.

I merely suggested what I consider is an enhancement, by ensuring that the decryption fails immediately due to a missing signature rather than potentially getting some considerable way into a large file before realising it is invalid.

But your suggestion only adds work.

My approach won't help in all cases, but in 99.9% of them it would make it faster. Please do feel free to educate me and prove me wrong conclusively though, I like being educated.

See above.

Pete
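
The two checks debated in this thread, side by side, as an added example that is not code from either poster: an unkeyed marker at the start of the file next to a keyed check that only data produced with the key can pass. Here an HMAC-SHA256 tag over the output stands in for trial decryption as the keyed check; the `ENC1` marker, the file layout and all names are assumptions made for illustration, and the code assumes .NET 6 or later.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class EncryptedCheckDemo
{
    static readonly byte[] Magic = Encoding.ASCII.GetBytes("ENC1"); // constructed marker
    const int IvLen = 16, TagLen = 32;

    // Layout: Magic | IV | AES-CBC ciphertext | HMAC-SHA256(macKey, everything before)
    static byte[] Protect(byte[] plain, byte[] encKey, byte[] macKey)
    {
        using var aes = Aes.Create();
        aes.Key = encKey;
        aes.GenerateIV();
        using var ms = new MemoryStream();
        ms.Write(Magic, 0, Magic.Length);
        ms.Write(aes.IV, 0, aes.IV.Length);
        using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
            cs.Write(plain, 0, plain.Length);   // disposing cs writes the final padded block
        byte[] body = ms.ToArray();             // still valid after the stream is closed
        using var mac = new HMACSHA256(macKey);
        return body.Concat(mac.ComputeHash(body)).ToArray();
    }

    // Cheap pre-filter: anyone can write these four bytes, so "true" proves nothing.
    static bool HasMarker(byte[] blob) =>
        blob.Length >= Magic.Length && blob.Take(Magic.Length).SequenceEqual(Magic);

    // Keyed check: passes only for output of Protect() made with the same macKey.
    static bool IsOurCiphertext(byte[] blob, byte[] macKey)
    {
        if (!HasMarker(blob) || blob.Length < Magic.Length + IvLen + TagLen) return false;
        using var mac = new HMACSHA256(macKey);
        byte[] expected = mac.ComputeHash(blob, 0, blob.Length - TagLen);
        return CryptographicOperations.FixedTimeEquals(expected, blob.AsSpan(blob.Length - TagLen));
    }

    static void Main()
    {
        byte[] encKey = RandomNumberGenerator.GetBytes(32), macKey = RandomNumberGenerator.GetBytes(32);
        byte[] plain = Encoding.UTF8.GetBytes("constructed sample document");
        byte[] real = Protect(plain, encKey, macKey);
        byte[] forged = Magic.Concat(new byte[64]).ToArray(); // marker pasted onto non-ciphertext
        foreach (var (name, data) in new[] { ("plain", plain), ("real", real), ("forged", forged) })
            Console.WriteLine($"{name,-7} marker={HasMarker(data)} verified={IsOurCiphertext(data, macKey)}");
    }
}
```

The forged sample is the case raised in the reply above: it carries the marker but fails the keyed check, so a tool that skips encryption on the marker alone would leave that data unencrypted.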