@raandree
Last active December 16, 2021 11:55
Compare length of text of an event as plain text, XML serialized, Base64 encoded and then AES256 encrypted.
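# Returns 32 cryptographically random bytes used as the PBKDF2 salt.
function GenerateRandomSalt
{
    [byte[]]$data = New-Object byte[](32)
    $cp = [System.Security.Cryptography.RNGCryptoServiceProvider]::new()
    # One GetBytes call fills the whole buffer; repeating it adds nothing.
    $cp.GetBytes($data)
    $cp.Dispose()
    return $data
}

# Encrypts $Data with AES-256 in CFB mode. Key and IV are derived from $Password
# with PBKDF2 (Rfc2898DeriveBytes, 50000 iterations) and a random salt.
# Output layout: 32-byte salt followed by the ciphertext.
# CFB gives confidentiality only; the output carries no integrity check.
function Encrypt([string]$Data, [string]$Password)
{
    [byte[]]$salt = GenerateRandomSalt
    [System.Security.Cryptography.RijndaelManaged]$aes = [System.Security.Cryptography.RijndaelManaged]::new()
    $aes.KeySize = 256
    $aes.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7
    $key = [System.Security.Cryptography.Rfc2898DeriveBytes]::new($Password, $salt, 50000)
    $aes.Key = $key.GetBytes($aes.KeySize / 8)
    $aes.IV = $key.GetBytes($aes.BlockSize / 8)
    $aes.Mode = [System.Security.Cryptography.CipherMode]::CFB

    $memoryStream = [System.IO.MemoryStream]::new()
    # Prepend the salt so the key can be re-derived when decrypting.
    $memoryStream.Write($salt, 0, $salt.Length)
    $bytes = [System.Text.Encoding]::Unicode.GetBytes($Data)
    $cs = [System.Security.Cryptography.CryptoStream]::new($memoryStream, $aes.CreateEncryptor(), [System.Security.Cryptography.CryptoStreamMode]::Write)
    $cs.Write($bytes, 0, $bytes.Length)
    # Closing the CryptoStream flushes the final padded block.
    $cs.Close()

    # ToArray returns only the bytes written. GetBuffer would return the whole
    # internal buffer, including unused capacity, and overstate the length.
    $memoryStream.ToArray()
    $memoryStream.Close()
    $key.Dispose()
    $aes.Dispose()
}

# Do not truncate collection properties in the Format-List output.
$FormatEnumerationLimit = -1

# Take the newest event from the System log as the sample.
$e = Get-EventLog -LogName System -Newest 1

# 1. Plain text, as rendered by Format-List.
$eventBytes = [System.Text.Encoding]::Unicode.GetBytes(($e | Format-List -Property * | Out-String))
"EventText length $($eventBytes.Length)"

# 2. XML serialized (CLIXML, depth 4).
$serializedEventBytes = [System.Text.Encoding]::Unicode.GetBytes([System.Management.Automation.PSSerializer]::Serialize($e, 4))
"Serialized Event length $($serializedEventBytes.Length)"

# 3. Base64 of the serialized bytes, measured as a UTF-16 string.
$base64EventBytes = [System.Text.Encoding]::Unicode.GetBytes([Convert]::ToBase64String($serializedEventBytes))
"Base64 Event length $($base64EventBytes.Length)"

# 4. The Base64 string encrypted with AES-256. The password is a fixed demo value.
$encryptedBase64Bytes = Encrypt -Data ([Convert]::ToBase64String($serializedEventBytes)) -Password 'ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a'
"AES256 Encrypted Base64 Event length $($encryptedBase64Bytes.Length)"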