Name TBD

This week, we had their first two meetings with both of our project sponsors. A bit unexpected, but our project sponsor was a former student who completed the entire project last year. The project was intended to be taken down but was not. Long story short, my team will be recreating the same project from scratch! We will be modifying the project requirements slightly, but the main concept will still be the same. Since the project sponsor was a former student who was not expecting to be a sponsor, we will be working partly with the student and partly with our instructor throughout the year. The good news is we have more flexibility in what we create. The bad news is, we have to start completely from scratch. Now, we must also come up with a new name for our project. Hence the title of this blog post, Name TBD.

First Impressions

Our first meeting was with the former student who initially proposed the project. Thankfully, they were kind enough to assist us in developing project requirements and even offered to help us if we got seriously stuck. They gave us beneficial advice about using trusted cryptography libraries, so we do not have to reinvent the wheel. Our sponsor also gave us advice on a specific framework for .NET and WebAssembly which they used in the project. The framework is Blazor. This framework is intriguing because it enables us to use mostly C# for web development. With traditional web design, the languages used are mostly HTML, CSS, and Javascript . While there will still be a need to use some of the traditional web design tools, using a framework like Blazor will give us increased flexibility which will allow us to spend more time learning the C# language and the .NET framework.

Second Impressions

Out next meeting was with our professor, Bill Pfeil. We went over the project requirements and stretch goals. Which as of now, are:

Project Requirements & Goals

Bill gave us solid feedback on the project scope and encouraged us to accomplish the stretch goal peer-to-peer transfers. Overall, he though this was a great project choice for a senior project. My teammates and I have some background in security which makes us ideal candidates for this project. As it stands, it appears I have taken the most security classes, being the only one who’s taken Cryptography, Defense against the Dark Arts and Intro to Security at Oregon State. I am excited to apply some of the theoretical knowledge I learned in the Cryptography course into this project. Specifically the stretch goal of implementing Diffie-Hellman key exchange.

Next Steps

The next steps I’m hoping to accomplish with my team is to start developing a UML-like diagram to outline the different components of our project. Since most of us have not worked on a project with this big of scale, I believe understanding how different components of our software will interact with each other will be critical in maintaining good development speed. We also need to further define our project requirements down to the small details and start thinking about other questions we have. I’m hoping we can start development sometime around the end of winter term. If we can get an adequate development plan in place, we may even be able to begin work during winter break!

The Beginning

The time is finally here! I have been assigned my senior project! I’ve been excited and anxious for this time since I started at OSU 2 years ago. At this point, being nearly done with all my classes, I’m mostly excited. My team and I will be working on rewriting a website called Crypter. Crypter is a free encryption platform that allows users to encrypt messages and files, then send them to whoever they wish. The caveat is, the user has to send the decryption information to the recipient manually.

I’ve actually wanted to use something like this in the past but did not know of any viable free solutions. Maybe Crypter can be that solution. I can’t count how many times in the past I’ve looked at job offers or contracts and they require a Social Security Number sent back in a PDF via email. Since email typically uses SMTP, none of this data is encrypted and could be susceptible to packet sniffing. Crypter could be an answer to that problem.

Another benefit of Crypter is that it doesn’t require an account and it is very simple to use. If anyone reading wants to try this out, feel free. Just head over to https://crypter.dev and test it out. The process is very straightforward and doesn’t require any sign up. To encrypt files:
1. Choose a message or file to encrypt
2. Select Encrypt
3. Copy the link and the decryption key
4. Send to the recipient or decrypt it in a different tab.

Here are some snippets of the process

After selecting “Decrypt your message” Crypter shows the original message, as long as the decryption key was correct.

Why Crypter?

I selected Crypter as one of my top options because I am excited to learn more about the .NET Framework, and I’ve also taken several classes in the security realm. .NET development excites me because I believe it will become increasingly in demand for software developers in the future since it is so simple to install and run applications on any system, as long as they have the appropriate .NET framework version. I know several colleagues, friends and acquaintances who work for organizations using almost strictly C# and the .NET framework. In my career, I’ve had the opportunity to develop a few small projects in C# and have gotten to see the benefits of .NET but I’m hoping to become more proficient going forward.

During my time in IT, I’ve gotten to explore various aspects of computer security which has always been fascinating. More recently, I’ve taken cryptography, along with other security classes at OSU that I feel will be helpful when working on the implementation details for this website. In my career, I’ve seen sophisticated malware, seen how YARA signatures are created to protect against malware, and most importantly for this project, how files are encrypted and decrypted using certain cryptographic functions.

Questions & Ideas

Currently, I have a few questions that I hope can be answered during our first few meetings with our project sponsor. The first one would be knowing what encryption scheme is used to encrypt the message and is it collision resistant? The other, which isn’t necessarily a question about Crypter itself, the user has to share the key with it’s recipient, how can they do that in a safe way? Maybe a solution could be: once a user creates an account, there could be an encrypted messaging platform, so the user could have a seamless experience sending the message to it’s recipient. As of now, I could see someone encrypting a message, then emailing or sending it using another chat form that is unencrypted, which completely defeats the purpose. This isn’t an issue with Crypter in itself, but I’m curious what the ideal flow would be for a user.

I’m excited to keep this blog updated as I work with my team to develop solutions and get some of these questions answered! See you next week!