private void EncryptFolder() { var folder = GetFolder(); if (string.IsNullOrEmpty(folder)) { return; } var password = ShowPasswordEnter(); if (string.IsNullOrEmpty(password)) { return; } var files = Directory.GetFiles(folder, "*.*", SearchOption.AllDirectories); // BUG 1: Key derivation should not be performed outside a foreach block that is using its return value. // Otherwise all operations in this loop have the same encryption key var keyData = WeakPasswordDerivation.DerivePassword(password); foreach (var file in files) { if (!File.Exists(file)) { continue; } EncryptionCryptoWrapper.EncryptFile(new FileInfo(file), keyData.Key, keyData.Salt); } MessageBox.Show("Successfully encrypted"); }
public void EncryptDecryptManual() { var message = "This is a secret Message"; var data = WeakPasswordDerivation.DerivePassword("password"); var cipherText = EncryptionCryptoWrapper.EncryptMessage(message, data.Key, Encoding.UTF8); var decryptedMessage = EncryptionCryptoWrapper.DecryptMessage(cipherText, data.Key, Encoding.UTF8); Assert.AreEqual(message, decryptedMessage); }
public void PasswordKeyOnceTheSame() { var salt = new byte[] { 88, 144, 21, 224, 8, 102, 122, 218 }; var key = new byte[] { 172, 19, 215, 234, 237, 198, 102, 232 }; var data = WeakPasswordDerivation.DerivePassword("Password"); Assert.AreEqual(WeakCryptoConfig.SaltSizeBytes, data.Salt.Length); Assert.AreEqual(WeakCryptoConfig.KeySizeBytes, data.Key.Length); Assert.AreEqual(true, data.Salt.SequenceEqual(salt)); Assert.AreEqual(true, data.Key.SequenceEqual(key)); }
public void EncryptEncryptEqual() { var message = "This is a secret Message"; var password = "******"; var cipherText1 = EncryptionCryptoWrapper.EncryptMessage(message, password, Encoding.UTF8); var data = WeakPasswordDerivation.DerivePassword(password); var cipherText2 = EncryptionCryptoWrapper.EncryptMessage(message, data.Key, Encoding.UTF8); Assert.AreNotEqual(cipherText1, cipherText2); }
private void OnStartUp(object sender, StartupEventArgs e) { var wm = IoC.Get <IWindowManager>(); var passwordModel = IoC.Get <EnterPasswordViewModel>(); var m = new WindowManager(); m.ShowWindow(IoC.Get <MainWindowViewModel>()); wm.ShowDialog(passwordModel); var hash = WeakPasswordDerivation.StringToHash(passwordModel.Password); if (hash == null || !hash.Equals(WeakCryptoConfig.Password, StringComparison.InvariantCultureIgnoreCase)) { Execute.OnUIThread(() => Current.Shutdown()); } }
private void DecryptFolder() { var folder = GetFolder(); if (string.IsNullOrEmpty(folder)) { return; } var password = ShowPasswordEnter(); if (string.IsNullOrEmpty(password)) { return; } var files = Directory.GetFiles(folder, "*.falsecrypt", SearchOption.AllDirectories); // NOT A BUG for itself: The weakness of using the same key foreach file was caused by the encryption. // The decryption methods just matches contract the encryption sets var keyData = WeakPasswordDerivation.DerivePassword(password); foreach (var file in files) { if (!File.Exists(file)) { continue; } try { EncryptionCryptoWrapper.DecryptFile(new FileInfo(file), keyData.Key); } catch (Exception e) { MessageBox.Show("Wrong password"); return; } } MessageBox.Show("Successfully decrypted"); }