Transfering Sensitive Data Over Rednet: FTPserver/client

Creator #1

2679 posts

Location You will never find me, muhahahahahaha

Posted 12 February 2015 - 02:37 PM

Hi guys,

I'm working on a FTP program. The question is, how do I send a password to the FTPserver without anyone else being able to see it if it is for registration. The connection is wireless and happens through this protocol: IPnet, check out the topic in APIs & Utilities.

SHA would not work because the server has never had acces to the password before.

Thanks,
Creator.

KingofGamesYami #2

3057 posts

Location United States of America

Posted 12 February 2015 - 03:38 PM

Make something similar to RSA.

Edit: Fixed link

Edited on 12 February 2015 - 02:40 PM

Creator #3

2679 posts

Location You will never find me, muhahahahahaha

Posted 12 February 2015 - 03:49 PM

KingofGamesYami, on 12 February 2015 - 03:38 PM said:
Make something similar to RSA.

Edit: Fixed link

Yep, but in Lua.

Thanks anyway:)

KingofGamesYami #4

3057 posts

Location United States of America

Posted 12 February 2015 - 04:01 PM

I did a google search, found this in two minutes.

Creator #5

2679 posts

Location You will never find me, muhahahahahaha

Posted 12 February 2015 - 04:50 PM

KingofGamesYami, on 12 February 2015 - 04:01 PM said:
I did a google search, found this in two minutes.

Thanks.

I googled before asking but didnt find anything meaningfull

MKlegoman357 #6

1140 posts

Location Kaunas, Lithuania

Posted 12 February 2015 - 07:44 PM

KingofGamesYami, on 12 February 2015 - 04:01 PM said:
I did a google search, found this in two minutes.

But this implementation requires a C library which would be impossible to load in CC. Sadly, other implementations of RSA in Lua I've seen also used a C library.

EDIT: hmm, after about ten seconds of googling I found this. It's basically a BigInt library written in pure Lua which, if I understand correctly, allows to implement the RSA algorithm. You could try modifying it to see if you get any results and if it's not too slow for a CC computer.

Edited on 12 February 2015 - 06:51 PM

HPWebcamAble #7

957 posts

Location Web Development

Posted 13 February 2015 - 04:58 AM

This system made the most sense to me. Making functions for it in Lua shouldn't be hard.

http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

MKlegoman357 #8

1140 posts

Location Kaunas, Lithuania

Posted 13 February 2015 - 01:22 PM

HPWebcamAble, on 13 February 2015 - 04:58 AM said:
This system made the most sense to me. Making functions for it in Lua shouldn't be hard.

http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

This is one of the only good key exchange mechanisms out there. But, sadly, as tested with the library I found it takes about 1-2 minutes just to encrypt a message, although decryption is very fast. It's slow mainly because Lua code in CC runs in a LuaVM which is written in Java which runs in JavaVM which is running on windows/mac/linux which at the end is very slow. That's the reason there's really no pure Lua implementations of RSA. A C implementation runs faster because it runs on native code directly, without any VM in between.

Bomb Bloke #9

Bomb Bloke's profile picture

7083 posts

Location Tasmania (AU)

Posted 13 February 2015 - 10:21 PM

Got a paste of the exact code you used? It's not calling sleep(0) or something like that, is it?

If it can be reduced down to, say, a quarter of that time, I'd consider it quite viable.

HPWebcamAble #10

957 posts

Location Web Development

Posted 13 February 2015 - 11:59 PM

MKlegoman357, on 13 February 2015 - 01:22 PM said:
I found it takes about 1-2 minutes just to encrypt a message, although decryption is very fast.

I haven't tried yet but this is what I was going to do:

Use D-H to create a key (the common number)

Use the common number as a symmetric key.

This wasn't what you were already doing was it

AgentE382 #11

AgentE382's profile picture

131 posts

Posted 15 February 2015 - 07:10 AM

Some months ago, I implemented Diffie-Hellman in Lua as a side project. I never used it for anything, or polished it up for distribution. But, I used this BigInt library: https://bitbucket.org/AgentE382/bigintlua

My fork has some fixes. The author (Lua-porter, actually) obviously never tested his code with multiplying numbers several hundred digits long.

MKlegoman257, I have no idea what you mean by 1-2 minutes to encrypt a message, since I have no idea how long the messages are or what algorithm you used. But, I remember my implementation took less than 10 seconds to establish a common secret, then I used RC4 as the actual encryption algorithm (check out the implementation in my signature; it's wicked fast).

MKlegoman357 #12

1140 posts

Location Kaunas, Lithuania

Posted 15 February 2015 - 11:16 AM

Bomb Bloke, on 13 February 2015 - 10:21 PM said:
Got a paste of the exact code you used? It's not calling sleep(0) or something like that, is it?

If it can be reduced down to, say, a quarter of that time, I'd consider it quite viable.

HPWebcamAble, on 13 February 2015 - 11:59 PM said:
MKlegoman357, on 13 February 2015 - 01:22 PM said:
I found it takes about 1-2 minutes just to encrypt a message, although decryption is very fast.

I haven't tried yet but this is what I was going to do:

Use D-H to create a key (the common number)

Use the common number as a symmetric key.

This wasn't what you were already doing was it

AgentE382, on 15 February 2015 - 07:10 AM said:
Some months ago, I implemented Diffie-Hellman in Lua as a side project. I never used it for anything, or polished it up for distribution. But, I used this BigInt library: https://bitbucket.org/AgentE382/bigintlua

My fork has some fixes. The author (Lua-porter, actually) obviously never tested his code with multiplying numbers several hundred digits long.

MKlegoman257, I have no idea what you mean by 1-2 minutes to encrypt a message, since I have no idea how long the messages are or what algorithm you used. But, I remember my implementation took less than 10 seconds to establish a common secret, then I used RC4 as the actual encryption algorithm (check out the implementation in my signature; it's wicked fast).

Sorry for this long delay. I used the test program that was included in the bigint library I found.

EDIT: also, it was ran on a standalone Lua interpreter on a slow device. Running on my faster computer it can encrypt in about 50 seconds, which is still too much.

Edited on 15 February 2015 - 10:25 AM

Creator #13

2679 posts

Location You will never find me, muhahahahahaha

Posted 20 February 2015 - 02:31 PM

AgentE382, on 15 February 2015 - 07:10 AM said:
Some months ago, I implemented Diffie-Hellman in Lua as a side project. I never used it for anything, or polished it up for distribution. But, I used this BigInt library: https://bitbucket.or...tE382/bigintlua

My fork has some fixes. The author (Lua-porter, actually) obviously never tested his code with multiplying numbers several hundred digits long.

MKlegoman257, I have no idea what you mean by 1-2 minutes to encrypt a message, since I have no idea how long the messages are or what algorithm you used. But, I remember my implementation took less than 10 seconds to establish a common secret, then I used RC4 as the actual encryption algorithm (check out the implementation in my signature; it's wicked fast).

Can you post a link to the project or at least explain how the primitive root modulo works because I don't get it.

HPWebcamAble #14

957 posts

Location Web Development

Posted 20 February 2015 - 04:50 PM

creator, on 20 February 2015 - 02:31 PM said:
how the primitive root modulo works because I don't get it.

Same. But you don't need to. Here is a short program I wrote that allows two computers to calculate a 'shared number'. That number could be used for symmetric encryption.

If you want to try the program yourself, place two computers with wireless modems on top somewhere near each other. Then copy this program to each and run it.

Spoiler


local channel = 1
local prime = 625210769
local primeRoot = 11

m = peripheral.wrap("top")
m.open(1)

function baseToPowerMod(base,power,modulus)
  --This function was taken from Anavrins' Diffie-Hellman proof of concept
  --Full code here:http://pastebin.com/H3kZHZBA
  local remainder = base
  for i = 1, power-1 do
    remainder = remainder * remainder
    if remainder >= modulus then
      remainder = remainder % modulus
    end
  end
  return remainder
end

print("Calculating secret number...")
local secretNum = math.random(100,999)
print("Done")

print("Calculating public key...")
local public = baseToPowerMod(primeRoot,secretNum,prime)
print("Done")

print()
print("Secret Number:"..secretNum)
print("Public Calc:"..public)

print()
print("Waiting for other computer...")
m.transmit(1,os.getComputerID(),{"sec","publicNum",public})
while true do
  local event,p1,p2,p3,p4,p5 = os.pullEvent("modem_message")
  if type(p4) == "table" and p4[1] == "sec" and p4[2] == "publicNum" then
    m.transmit(1,os.getComputerID(),{"sec","publicNum",public})
    print("Recieved public key from Computer ID "..p3)
    local sharedNum = baseToPowerMod(p4[3],secretNum,prime)
    print("Shared number:"..sharedNum)
    break
  end
end

m.closeAll()

Technically, the program never needs to calculate a primitive root, so you don't need to understand it.
If you want to quickly get one, here is a website that calculates primitive roots: http://www.bluetulip.org/programs/primitive.html

Also, if you don't get this you probably won't get AgentE's RC4 program (I certainly don't understand his), but here is the link to it:
http://www.computercraft.info/forums2/index.php?/topic/14028-rc4-encryption-decryption-functions/

AgentE382 #15

AgentE382's profile picture

131 posts

Posted 21 February 2015 - 03:37 AM

As far as my RC4 encryption function, just copy-and-paste the rc4dropn function into the top of your file. Then, establish the secret number as above. Then, set up the stream like this:

cipher = rc4dropn(tostring(sharedNum), 512)

To encrypt data, just do this:

encrypted = cipher(tostring(data))

or

encryptedTable = cipher(textutils.serialize(dataTable))

Finally, transmit that encrypted data how you normally transmit unencrypted data.

On the receiving end, establish the secret number the same, set up the cipher the same, receive the encrypted data as normal, then do this:

decrypted = cipher(encrypted)

or this:

decryptedTable = textutils.unserialize(cipher(encryptedTable))

Be sure to decrypt everything in the same order as you encrypt it (not reverse order), or else it won't decrypt properly.

Edited on 21 February 2015 - 02:39 AM

safetyscissors #16

safetyscissors's profile picture

24 posts

Posted 21 February 2015 - 05:55 AM

if the purpose is just to make the password unseeable and not cryptographically strong, does it need rsa?

Encryption can be super simple like xor.
password xor key = encrypted
encrypted xor key = decrypted

Obfuscation can be just as anti-human as encryption. Maybe randomly split password bytes into several packets sent in a agreed upon order. So all packets would need to be sniffed in order to attempt rebuilding a password.

HPWebcamAble #17

957 posts

Location Web Development

Posted 21 February 2015 - 07:10 AM

AgentE382, on 21 February 2015 - 03:37 AM said:
As far as my RC4 encryption function, just copy-and-paste the rc4dropn function into the top of your file. Then, establish the secret number as above. Then, set up the stream like this:
cipher = rc4dropn(tostring(sharedNum), 512)
To encrypt data, just do this:
encrypted = cipher(tostring(data))
or
encryptedTable = cipher(textutils.serialize(dataTable))
Finally, transmit that encrypted data how you normally transmit unencrypted data.

On the receiving end, establish the secret number the same, set up the cipher the same, receive the encrypted data as normal, then do this:
decrypted = cipher(encrypted)
or this:
decryptedTable = textutils.unserialize(cipher(encryptedTable))
Be sure to decrypt everything in the same order as you encrypt it (not reverse order), or else it won't decrypt properly.

That is a GREAT explanation. Maybe consider putting that in the documentation, because it really doesn't say how to use the program there.

Edit: It does kind of say this at the top of the program, but this is much clearer

Edited on 21 February 2015 - 06:11 AM

Anavrins #18

Anavrins's profile picture

756 posts

Posted 21 February 2015 - 07:18 AM

HPWebcamAble, on 20 February 2015 - 04:50 PM said:
print("Calculating secret number…")
local secretNum = math.random(100,999)
print("Done")

You'll want to use bigger numbers than that, it would trivial to crack it within CC with such small numbers.
I've got (1000000, 9999999) working well before and should be pretty resilient to most unwilling adversaries.

HPWebcamAble #19

957 posts

Location Web Development

Posted 21 February 2015 - 08:11 AM

Anavrins, on 21 February 2015 - 07:18 AM said:
it would [be] trivial to crack it within CC with such small numbers.

Very true, this was really just a proof of concept