Next Previous Contents

4. KFileCoder internals

In this section, we will see how KFileCoder works to encode and decode files, what passwords are used...

4.1 The password

When the user enter the password, its size is at least 6 bytes. This work is done by int KFileCoderApp::askPassword(BYTE *szDestPass). But KFileCoder use 128 bits passwords. Then the first work is to calculate a 128 bits key from the first password, with the void makePasswordLength(BYTE *cDestPass, DWORD dwPassLen, const BYTE *cSrcPass, DWORD dwOldPassLen) function. Then, this function hashes the 128 bits password with PSCHF, using a constant key. This allows to obtain two very different password from two passwords with many common bytes. For example, the hash produced with the AAAA password is really different than the hash produced by the AAAAA password. Then, only the truth password will success in decoding data.

This 128 key is named The user password.

4.2 A key for each file

KFileCoder can encode many files in an archive. But it don't use the same password to encode all files. In deed, if a hacker could calculate the password used to encode a file, he would be able to decode all files. To increase the security, KFileCoder calculates a password for each file of the archive. This is done, when adding a file to the archive, in the addFile function.. We will study how it works now:

To calculate the file password (the password used to encode an only file), KFileCoder use a 128 random number. This random number cFileKey is calculated with the generateRandomNumber(BYTE *cMixer) function. We just have to pass a pointer to the 128 bits buffer where to write the random number. Then, KFileCoder hashes the random number we have just calculated with the user password. To do it, it use the calculatePC1Hash function. It produces a 128 bits number, which is the key KFileCoder will use to encode the current file of the archive. Before encoding file data, the random number used to calculate this pass (cFileKey) is written in the arhive, to allow to calculate the key used to encode this file, when decoding. This number is encrypted with another random number, we will study it later.

Then we create a key for each file, from random numbers. Here, PSCHF is very important: it allows to calculate the file key from the user password and from the random number, but it doesn't allow to calculate the user password from the random number and the file key. Then, if someone can decode a file, he won't be able to decode other files of the archive, unlike with the pkzip system, where the same key is used for all files to encrypt.

4.3 Miscellanous encoded data

We have seen each file use a key to be encoded, and we have a random number to generate this file key for each file to encode. This random number is generated at the file encryption. But this number is need at the decoding time, to calculate the file key. Then it's written in the file, and it is even encrypted in the file.

Each random number of each file is encrypted in the file with another key: m_cMixerCodingKey. This key is calculated with PSCFH, by hashing a random number: m_cMixerCodingMixer, with the user password. At archive creation, m_cMixerCodingMixer is generated, and is written in the archive header. Each time the user open the archive, m_cMixerCodingKey is calculated, from m_cMixerCodingMixer and the user password. The m_cMixerCodingMixer is not encrypted in the archive.

4.4 The PSCHF hash (Pukall Stream Cipher Hash Function)

PSCHF is a hash algorithm written by Alexandre Pukall. It is implemented in the int calculatePC1Hash(BYTE *cHash, const BYTE *cBuffer, DWORD dwBufferLen, const BYTE *cPass) function, and based on the PC1 algorithm. It works with 128 bytes numbers.


Next Previous Contents