4
zemaitis
72d

Looking for a way to generate an encrypted string (with salt) in C++ then send that string over to a java server and decrypt it on java as well. Any suggestions?

Comments
  • 3
    Algorithms aren't language dependent.
    Find a secure one you like and implement it twice.
  • 7
    @Root 2nd rule of crypto: don't implement it yourself.
  • 6
    @zemaitis No, really. 1st rule of crypto is "don't roll out your own crypto", and 2nd is "don't implement it yourself". Find some reputable known-good libs and use them.

    Here's a cheat sheet you can use: https://gist.github.com/tqbf/...
  • 1
    @zemaitis With? Choices?
    Bcrypt comes to mind.

    If you prefer large integers instead, I hear GPG is so nice that it's been banned in a few places.
  • 0
    Bouncycastle. Or smth from jdk libs. BC has a vide variety of algo implementations.

    Dunno about c++. You can always use the same BC via JNI.

    Since you are building a secret spaceship we have no details of - not much we can do.
  • 1
    AES? Probably the simplest option.
  • 0
    I would def go for AES unless you have some fancy requirements
  • 0
    I read somewhere that there was a huge security hole with pre-rolled solutions. It had something to do with people never changing the encryption primes. This caused most software that used certain libraries to have predictable primes being used and reduced the solution set considerably. This was so prevalent that governments invested in solving for those primes so they could backdoor anything that used those.

    So is changing the primes a thing in modern encryption libraries? Or is it more complicated than that?
  • 2
    Use standard libraries. Find one which exists in C++ and in Java.

    @Root I don't think implementing it your self is a good idea
Add Comment