Thread: Advice on securing a sensitive Access database
View Single Post
  #27  
Old May 19th, 2008, 09:37 AM posted to microsoft.public.access.forms,comp.databases.ms-access
The Frog
external usenet poster
  
Posts: 10
Default Advice on securing a sensitive Access database
Hi Les,

I just want to make sure I understand this correctly so that I can
answer properly. What I think you are saying is that when using the
same (I am assuming AES) key to encrypt some text / data, that you are
seeing different outputs in different parts of the program.

If this is the case I suspect that the source of this lies in the
string / plaintext to byte conversion (and possibly the reverse also).
Theoretically the operation to encrypt (without padding) should
produce the same result for the same text / data each time it is done
if using the same key.

Things to check for are these:
1/ Are the keys being used actually the same
2/ Is the data decrypting properly
3/ If you are operating the code "By Hand" in the editor and encrypt
something does the result match the same when using the application
4/ Are the sections of code that are used to encrypt and decrypt the
same? (ie/ is the process and encryption / decryption methods being
used the same)
5/ Does the data decrypt properly?
6/ Is the source (plaintext) exactly the same when doing the testing.

The most common issue I have come across was the conversion of the
plaintext to a bytearray was producing different bytearrays. As it
turnded out the code that was feeding the plaintext to the encryption
algorithm was actually producing different plaintexts that looked the
same on screen (so to speak) but were in fact different. This came in
my case from some simple data type conversions that I wasnt handling
properly. The root cause was the variant data type being used to house
the plaintext instead of a string. When dealing with numbers in
particular it caused issues. Using strict data types eliminated the
problem.

Aside from that, the only other thing that I could think of is that
there may be an issue with the algorithm implementation itself. If you
like we can try and beat the source code to death to see if there are
any uncooperative lines of code :-) Please understand I am not asking
to post your proprietary code here or data, just the algorithm
implementation code so that if you think we need to dissect it we can.

Please keep me posted, and try the "By Hand" testing with the same
data multiple times to see if you get the same strange behaviour.

Cheers

The Frog