08-23-2004, 01:12 PM
OK, nemisis, I will comment on your code
Heh! I suspect the only acceptable comment is simply "Wow! That is certainly secure and engenious" and any lengthy analysis is boring and to be ignored. But anyway, here goes....
You used:
  r = INT(RND(1) * LenPassword + 1)
  f = ASC(MID$(Password$, r, 1))
to get then encryption/decryption displacement.
The code normally used is
  f = INT(RND(1) * 256)
If you run the program at the end of this reply, you will see that in an example, f only has the following values:
32, 66, 83, 97, 99, 100, 101, 104, 110, and 121
whereas in the normal method, f has values from 0 to 255.
If I had a cryptogram produced by your program, I would have a head start knowing that I don't have all 255 displacements to worry about. Even though I don't know how many, I know that it is probably less than 33. Maybe even 6 or 7!
Let's assume an encrypted English text. Then I would take the first character of the cryptogram and compute what values of displacements would yield a-z,A-Z,0-9,and punctuation. Continue for all other characters. Using this, I could quickly determine the list, especially since the displacements are known to be ASC values of characters typically used to create passwords.
This technique does not apply to the conventional method as it would simply yield the result that the list is 0 through 255.
So anyway, assuming the password used below, the list would be found. It would be seen that 97 was used twice as much, so the list is really
32, 66, 83, 97, 97, 99, 100, 101, 104, 110, and 121
In other words, every character is encrypted using one of those numbers, even though we still don't know which one.
I won't continue, but it is no great challenge to decrypt using all those hints.
I recommend changing to the normal method or, even better, to a version of RND better suited to encryption.
The QBasic Forum has a subforum, "QBasic programs you are proud of".
http://www.network54.com/Forum/178387
I have posted there under "Mac" an elaborate encryption program (SuperC) and then noted a problem: "Security weakness uncovered".
Finally, I posted "On the trail to the solution of the security weakness", including a subroutine, CRND, which provides a long enough series.
You are welcome to use it.
Mac
'================================
CLS
DIM Used(255) AS INTEGER ' Used(f)=How many times f was used.
PRINT "---------------------- Method you chose"
y = RND(-2345)
Password$ = "Sandy Beach"
LenPassword = LEN(Password$)
FOR i = 1 TO 5000
  r = INT(RND(1) * LenPassword + 1)
  f = ASC(MID$(Password$, r, 1))
  Used(f) = Used(f) + 1
NEXT i
FOR i = 0 TO 255
  IF Used(i) > 0 THEN PRINT i, Used(i): Used(i) = 0
  NEXT i: PRINT
PRINT "--------------------- Method normally used"
y = RND(-2345)
FOR i = 1 TO 5000
  f = INT(RND(1) * 256)
  Used(f) = Used(f) + 1
NEXT i
FOR i = 0 TO 55: PRINT Used(i); " "; : NEXT i: PRINT
FOR i = 200 TO 255: PRINT Used(i); " "; : NEXT i: PRINT
SYSTEM
Heh! I suspect the only acceptable comment is simply "Wow! That is certainly secure and engenious" and any lengthy analysis is boring and to be ignored. But anyway, here goes....
You used:
  r = INT(RND(1) * LenPassword + 1)
  f = ASC(MID$(Password$, r, 1))
to get then encryption/decryption displacement.
The code normally used is
  f = INT(RND(1) * 256)
If you run the program at the end of this reply, you will see that in an example, f only has the following values:
32, 66, 83, 97, 99, 100, 101, 104, 110, and 121
whereas in the normal method, f has values from 0 to 255.
If I had a cryptogram produced by your program, I would have a head start knowing that I don't have all 255 displacements to worry about. Even though I don't know how many, I know that it is probably less than 33. Maybe even 6 or 7!
Let's assume an encrypted English text. Then I would take the first character of the cryptogram and compute what values of displacements would yield a-z,A-Z,0-9,and punctuation. Continue for all other characters. Using this, I could quickly determine the list, especially since the displacements are known to be ASC values of characters typically used to create passwords.
This technique does not apply to the conventional method as it would simply yield the result that the list is 0 through 255.
So anyway, assuming the password used below, the list would be found. It would be seen that 97 was used twice as much, so the list is really
32, 66, 83, 97, 97, 99, 100, 101, 104, 110, and 121
In other words, every character is encrypted using one of those numbers, even though we still don't know which one.
I won't continue, but it is no great challenge to decrypt using all those hints.
I recommend changing to the normal method or, even better, to a version of RND better suited to encryption.
The QBasic Forum has a subforum, "QBasic programs you are proud of".
http://www.network54.com/Forum/178387
I have posted there under "Mac" an elaborate encryption program (SuperC) and then noted a problem: "Security weakness uncovered".
Finally, I posted "On the trail to the solution of the security weakness", including a subroutine, CRND, which provides a long enough series.
You are welcome to use it.
Mac
'================================
CLS
DIM Used(255) AS INTEGER ' Used(f)=How many times f was used.
PRINT "---------------------- Method you chose"
y = RND(-2345)
Password$ = "Sandy Beach"
LenPassword = LEN(Password$)
FOR i = 1 TO 5000
  r = INT(RND(1) * LenPassword + 1)
  f = ASC(MID$(Password$, r, 1))
  Used(f) = Used(f) + 1
NEXT i
FOR i = 0 TO 255
  IF Used(i) > 0 THEN PRINT i, Used(i): Used(i) = 0
  NEXT i: PRINT
PRINT "--------------------- Method normally used"
y = RND(-2345)
FOR i = 1 TO 5000
  f = INT(RND(1) * 256)
  Used(f) = Used(f) + 1
NEXT i
FOR i = 0 TO 55: PRINT Used(i); " "; : NEXT i: PRINT
FOR i = 200 TO 255: PRINT Used(i); " "; : NEXT i: PRINT
SYSTEM