How can I increase the effectiveness of encryption for storing application settings?

I am currently using the RC4 algorithm to store application settings and when I observe output it looks easily decodable. The output of strings which start with the same letters appear to be the same.

Short strings lead to short output and longer strings produce longer output.

However I am looking for something that will produce longer output for short strings.

Is there another algorithm that will create more 'scrambled' output even with short strings?

I also want to suffix or prefix the input with some data that I can easily recognize and strip out after decoding to create more randomness on the output.

I have created new code using Rijndael displayed below, but it still suffers from the 开发者_如何学Csame lack of variation in the output. I suspect there are some additional parameters required to create more variation in the output, IVs, block padding and all that.

unit testform;

{$mode objfpc}{$H+}

interface

uses
  Classes, SysUtils, FileUtil, LResources, Forms, Controls, Graphics, Dialogs,
  StdCtrls, DCPrijndael, DCPsha1;

type

  { TForm1 }

  TForm1 = class(TForm)
    edtKeyString: TEdit;
    edtInputText: TEdit;
    edtEncryptedText: TEdit;
    Label1: TLabel;
    Label2: TLabel;
    Label3: TLabel;
    procedure edtInputTextChange(Sender: TObject);
  private
    { private declarations }
  public
    { public declarations }
  end; 

var
  Form1: TForm1; 

implementation

{ TForm1 }

procedure TForm1.edtInputTextChange(Sender: TObject);
var
  Cipher: TDCP_rijndael;
begin
  Cipher:= TDCP_rijndael.Create(Self);
  Cipher.InitStr(edtKeyString.Text,TDCP_sha1);
  edtEncryptedText.Text := Cipher.EncryptString(edtInputText.Text);
  Cipher.Burn;
  Cipher.Free;
end;

initialization
  {$I testform.lrs}

end.

RC4 is a stream cipher. You might want to look at a block cipher like AES. Don't forget to use padding, too, e.g. PKCS7.

EDIT: Do not add suffix/prefix data in order to "create more randomness". The encryption algorithm will do that for you (unless it's a broken algorithm, in which case choose a different one). At best this is pointless; at worst this is adding a "crib" that will make it easier for someone to attack your encryption.