I tried AESCrypt.java in my Android application. NetworkInterface.getHardwareAddress() call does not exist in the Android Java library, so I have commented that code and use DEFAULT_MAC as mac. It works fine in my application. I have passed version 2 in encrypt function.
But in this forum there is a question about "Android Version?". In that topic it is written that this AESCrypt is not for android application.
If I use this way in android application then is there any chances of problem?
And currently it is very slow to encrypt and decrypt the file in android ?
Any help....
AESCrypt for Android
-
paulej
- Posts: 593
- Joined: Sun Aug 23, 2009 7:32 pm
- Location: Research Triangle Park, NC, USA
- Contact:
Re: AESCrypt for Android
The getHardwareAddress() call is only to help in the creation of a random initialization vector. It is good to have something random, but use of a MAC address is not random. Use of a fixed value is worse. The function attempts to make it random by also using the current time and then hashing the MAC and time. You could replace the call to get the MAC address with a call to Math.random()*256 or similar to get a random byte between 0 and 255. Do that 8 times (to fill up the IV array), with the time consuming the other 8 octets. Pseudo-random number generators are not ideal, but still better than a fixed value. Of course, hash it to make it even more obscure. (Note: the IV does not have to be random and it's certainly not secret. It's published in the clear. That said, we do not want to use the same IV all the time, either, as this would help one launch an attack knowing certain fixed values and results.)
As for performance, I'm not sure. Can you identify what is consuming the CPU? If it's the call to Java's AES routines, there is nothing we could do. If it is in the AES Crypt Java code, then we could address that.
As for performance, I'm not sure. Can you identify what is consuming the CPU? If it's the call to Java's AES routines, there is nothing we could do. If it is in the AES Crypt Java code, then we could address that.
Re: AESCrypt for Android
Because using a fixed value (like DEFAULT_MAC) is not desirable, in generateIv1() I replaced
"mac = DEFAULT_MAC;" with
"mac = generateRandomBytes(8);"
I incorporated AESCrypt.java into an Android program that I wrote for myself to decrypt small (<1MB) text files and speed has not been a problem for me.
"mac = DEFAULT_MAC;" with
"mac = generateRandomBytes(8);"
I incorporated AESCrypt.java into an Android program that I wrote for myself to decrypt small (<1MB) text files and speed has not been a problem for me.
Re: AESCrypt for Android
Thanks for the reply. I have replaced the "mac = generateRandomBytes(8);" instead of fixed DEFAULT_MAC. In my PC run java program from command line, it takes only a second to encrypt or decrypt file but in android application it takes 7-10 seconds to encrypt or decrypt files (<255 KB). I have notice that it takes time to generate AESKey1. Because it have to be update MessageDigest 8192 times.
Is this difference due to processor of phone?
And is there any another option instead of this loop ? or Is there any other number (<8192) for this "for loop limit", so we can reduce some time?
Is this difference due to processor of phone?
And is there any another option instead of this loop ? or Is there any other number (<8192) for this "for loop limit", so we can reduce some time?