Unexpected termination

[andrey_zh]

I've talked about some different things:

The 1st one is explained by JVene. You could use OS services.
By the way, I have a question to JVene: Are you sure about XP and Vista? It seems, XP has some improvement in it's security system( NTFS5 vs NTFS4 on Win2K).

To Igeru: what encryption algorithm are you using? I've read some of your older threads and pointed that you read your file byte after byte. It seems to be not the best method, read file by larger chunks and naturally use a standard cipher. Look at some publicly available encryption algorithms. Also have a look at this: http://www.cryptopp.com/

If you're implementing a kind of Caesar's cipher, it still would be better to use an OS services.

The 2nd is the following:

You are going to store some data in encrypted file. How are you going to use it? Are you going to store some settings there or you are writing a scrambling utility for user's files?

[JVene]

andrey_zh,

Yes, I'm sure. The 'attack' is performed using a utility, which can be placed on a USB key if the machine boots from the key, or CD - the 'blanking' of the administrator password is performed from outside the operating system, after which XP and Vista actually perform as though the administrator has signed in, all files are available.

Tests show Windows 7 is similarly vulnerable, though the specifics differ slightly.

Put another way, from a simple theoretical viewpoint, if the keys for decrypting a file are owned and controlled by the operating system, then any attack that gains control of that OS open these files to decryption, and no OS is more "researched" for vulnerabilities than the Windows family.

On the other hand, if the encryption approach involved large keys stored external to the OS (a USB key, for example), then attacking the OS itself is of no value toward decrypting the files.

[Igeru]

Well actually, although my knowledge in c++ programming (and programming in general- only a minor hobby of mine) isn't much (as you both clearly see), I have a solid background regarding encryption, mostly Mathematical, and a few month of reserch I've done, so in this sense I ok
I know I published many questions lately, where I din't give the whole picture each time (dropped out the non relevant stuff to the programming itself), but thanks anyway for your advice, by the way Im not encrypting byte by byte and using a uniqe algorithm, trying to combine some encryption algorithms, some one-way functions, hash functions, salt data, cipher-blocks encryption and purhaps adding some elliptic curves to the whole deal..

But in the programming level you are all helping me so much, so thanks!

andrey_zh, to your question, Im scrambling the file's bits and not saving any new data regarding the encryption procces to the file (although Im cheking a good way to salt the file, and maybe when I'll get to the ecc this thing will change)..

JVene, after you did the research for the company, you both agreed that the OS encryption utility is NOT enough, right? the independent encryption softwares are crucial... right?

cheers

[JVene]

...after you did the research for the company, you both agreed that the OS encryption utility is NOT enough, right? the independent encryption softwares are crucial... right?

It's surprising how many consumers aren't at all conscious of the nature of encrypting data in the first place.

For those even aware, the consumer thinks the OS encryption feature is sufficient, as long as their password is safe.

If the consumer can be sufficiently educated on this point, or if you find a consumer that is, then yes, they'll easily realize the encryption feature within the OS is nearly useless.

Not just from the standpoint that it is not secure, but if the OS itself gets trashed, they may never be able to recover the encrypted data stored by the OS.