Cryptographic Analysis and Design in Password Storage

Application: A Developmental Approach

Table of Contents
1. Introduction
2. Developmental Methodology
3. Task Performed
4. Implementation
1. Introduction
The purpose of this project is to demonstrate the use of a cryptographic tool in the
encryption/decryption process in order to develop a password storage application system.
The system allows only the master user to access the application. Master user can add,
remove, update, display all stored id-password pairs through a certain key with user name
and password as shown as admin String Key having the administrator rights. The
application is a highly secure system designed so that no external user can read or edit the
database that may result in the loss of information for the system. In order to do so, a
cryptographic security based technique has been designed so that the message entered during
the administrator mode is encrypted in a text file stored using a secure code format and gets
decrypted first only when the user was to access the information.
1.1 Definitions, acronyms, and Abbreviations

1. Cipher coded or scrambled message in plain text format.

2. Encrypt (encode) - to convert plaintext to ciphertext using a cipher and a key
3. Decrypt (decode) - to decode ciphertext back into plaintext using a cipher and a key
4.

Key- confidential information or protocol information that represent information known

only to sender and receiver

5. Polyalphabetic Substitution Cipher a cipher that uses a key to select the letters of the
message from the 26 alphabets for different parts of the plain text.
6. Vigenere Cipher- cipher which utilizes a one-time pad that involves an arbitrarily long
nonrepeating sequence of numbers that are combined with the plaintext.

7. Data Encryption Standard (DES) a system developed for plaintext to be encrypted into
text strings after permutations and substitutions for the subscript list bit string using
among the 2^64 possible arrangements of 64 bits using key sizes of 56- bits . The keys
are actually stored as being 64 bits long whereby every 8th bit is left unused for bits
numbered 8, 16, 24, 32, 40, 48, 56, and 64.
2. Overall Description
This introduction is intended to give a brief overview of the Encryption Project for this term.
The following section will give background information that is necessary to fully understand
the functional and non-functional requirements of the system. All of the requirements of the
system will be stated, and each requirement must be testable.
2.1

Product Perspective

The ciphers that we are going to use are mono-alphabetic Caeser cipher. Specifically, for
these ciphers, encryption is accomplished by replacing each character in the plaintext
with a different letter in the ciphertext.

2.1.1 System Interfaces

The system is intended to interface with a single user at any given time in the administrator
mode. The user is able to interact with the system using a graphical user interface for add,
remove, update, display all stored id-password pairs as a Master in administrator mode of
operation.
2.1.2 User Interfaces
The user interface must provide the user an understandable and effective way for entering
attributes into the system. Java will be used to create the graphical user interface for the
system. Depending on the type of algorithm chosen, the user will also be given the option of
choosing various options for adding components using JFrame; for entering any value by the
user and selecting the password using JField and JPasswordField components respectively.
At the bottom of the interface is a text area represented by the JTextField that displays the
result of the cryptographic scheme or cipher text. Occupying the right side is a console area

that displays any output that will attempt to give the user some insight into how the
encryption schemes work.

3. Polyalphabetic Caeser Cipher

The user must be allowed to select the character mappings for each letter of the alphabet for each
character that appears in the plain text. To encrypt a message using this cipher, each character of
the clear text is shifted forward by k characters in the alphabet that is equivalent of the cipher
text. Likewise, during the decrypting of a message there is an immediate need for shifting each
character in the ciphertext backwards by k number of characters in the alphabet. Moreover, since
the alphabet of characters is a fixed-sized list, it is possible to shift off the end of the list.
Whenever this situation arises, the shift operation wraps around to the beginning of the
alphabet. To see how this cipher works, consider only the 26 uppercase letters of the English
alphabet. Furthermore, consider using the key value k= 5. The last 5 characters in this alphabet,
when shifted, are wrapped-around to the first five characters. So, the correspondence between the
cleartext and ciphertext characters
3.1 Java Code
Module
{ import java.io.*;
public class PolyAlphabetic
{
public static void main(String args[])throws Throwable
{
BufferedReader fu = new BufferedReader(new InputStreamReader(System.in));
System.out.println("Poly Alphabetic Cipher\n a b c d e f g h i j k l m n o p q r s t u v w x y z");
for(int i = 0; i < 26; i++)
{
System.out.print("\n" + (char)(i + 97) + " ");
for(int j = 0; j < 26; j++)
System.out.print((char)((i + j) % 26 + 97) + " ");
}
System.out.print("\n\n1.Encrytion\n2.Decryption\nUr Option ?");
int choice = Integer.parseInt(fu.readLine());
System.out.print("Enter the initial text : ");
String initial = fu.readLine().toLowerCase();
System.out.print("Enter the keyword : ");
String keyword = fu.readLine().toLowerCase();
String finale = "";
for(int i = 0; i < initial.length(); i++)
{
char c = initial.charAt(i);
int key = keyword.charAt(i % keyword.length()) - 97;

if(choice == 2) key = -key;

finale += Character.isLetter(c) ? (char)((c - 97 + key + 26) % 26 + 97) : c;
}
System.out.print("Final Text : " + finale);
}
}

3.2. Plaintext Input

The user must be able to enter a plaintext message that will be encoded by our software.

4.Results and Discussion

The administrator enters the username as a plaintext, left and right portions of the plaintext are
split into two and giving the corresponding left (inL), right (inR), and key (inK) depending on
the round. The outputs are outL which equals the input inR, and outR, which is the XOR
operation between the outputs. Additionally, the key parameter is an integer that specifies by how
many positions in the alphabet for each cleartext character should be shifted to produce its
ciphertext substitute for the value of k. This method must create a new array of char of the same
length as the cleartext that will hold the ciphertext. Each element of the cleartext array should be
copied into the same position in the ciphertext array, except that the character value inserted into
the ciphertext array must be the shifted equivalent of the corresponding cleartext character. When
every cleartext character has been copied and shifted into the ciphertext array, then a pointer to
that new array must be returned to the caller. Repeat the above process by opening
PolyAlphabetic.java except with the roles of cleartext and ciphertext inverted. Again, you should
leave unchanged the code provided in main() that reads and writes the ciphertext and cleartext
files. Of course your task for this decryptor program is to fill in the body of the decrypt() method.
Its signature is analogous to the signature for encrypt() , except with the roles of ciphertext and

cleartext inverted. That is, this method is passed an array that contains the ciphertext, as well as a
key k by which to reverse the shift of each character. The method is bound to return a newly
constructed array that contains the recovered cleartext.
4.1 Encryption Algorithm Selection
The user must be able to select the encryption mechanism to be used to create the ciphertext.
DES encryption key is derived and encrypted. A simple iterative test was desired, so that the only
storage requirements were the desired starting value, the desired ending value, and the number of
DES iterations to perform. Alternation of encryption and decryption was chosen in order to
exercise both modes equally.
4.2 Viewing Messages
4.2.1 Plaintext
The user must be able to view the plaintext message that he or she has input.
4.2.2Ciphertext
The user must be allowed to view the encoded ciphertext in one of a variety of forms that are
used in encodings today, mainly the ASCII standard, decimal, hexadecimal, and binary.
4.3 View Console
The user must be able to view any messages that will give them insight into the inner workings
of the particular encryption algorithm.

Reference

Cid, C. F. (2003) Cryptanalysis of RSA: A survey. 2003-06-15)[2010-10-28]. http://www. sans.

org/reading_ roonr/whitepapers/vpns/cryptanalysis-rsa-survey_1006.