cwCrypto - Beta Testing release 2

Discussion in 'privacy technology' started by Capp, Aug 6, 2010.

Thread Status:
Not open for further replies.
  1. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Hey guys,

    We have prepared release 2 for our Beta software cwCrypto.

    The program still offers 5 different methods of encryption and still uses CBC with a randomized IV.

    Original Thread

    *Updates*

    1) We removed the option to select "# of times" to encrypt a message, leaving it to be encrypted a single pass of the chosen method.

    2) The program now features SHA256 for message authentication (MAC). The message is encrypted with the chosen method, then hashed with SHA256, and finally converted to Hex.
    When trying to decrypt a message, the message hash is compared to the original hash used when encrypting. If the 2 match, then it begins the decryption process. If not, it aborts.

    3) Small updates to links and tooltips for better usability.


    We appreciate all the feedback from the original article to help us improve the software and make it more secure.


    Name: cwCrypto
    version: 1.0 Beta
    Date: 08/06/2010
    Site: http://capp-ware.com/software/cwcrypto/
    Download: http://capp-ware.com/cwcrypto/cwcrypto-setup.exe
    Support: http://forums.capp-ware.com
     
  2. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Well, if you are interested in helping us, all you have to do is just download the software and play with it. If you find any bugs, glitches or problems, let us know and we'll fix them.

    Or if you have any suggestions to make it better or more user friendly, we definitely want to hear it.

    When the final software is released, it will be free, so no registration required or anything.

    Thanks
     
  3. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    Be careful here. Simply computing SHA-256 on ciphertext isn't the proper way to go about a MAC; it's insecure and will set you up for length extension attacks. The proper way to get around all of this is to use HMAC with SHA-256 as the underlying primitive. See RFC 4868.
     
  4. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Thanks Justin and per our conversation, I will clarify here.

    cwCrypto uses HMAC-SHA-256 for message authentication as per this article.
     
Loading...
Thread Status:
Not open for further replies.