Data Encryption

[Mango]

Cheers, and keep talking...it'll make whatever you develop more secure...which is the goal, after-all. You should avoid getting your ego involved. Ego and crypto don't mix...ego will lead to blindness...and weak crypto...good luck.

Ego? Who ever said anything about my Ego? What has that got to do with it? Please, you are mistaken if you thought that I thought my crypto function was "Great" and "really secure". I doubt that it stands up at all compared to modern crypto routines. Im just pleased with it, seeing as I dont even understand how proper ones work, and I have never studied them.

I was just suggesting that defending what appear to me as obvious holes in your admittedly naive idea is, perhaps, counterproductive. I never intended to, nor did I, in my eyes, insult or attack your ideas or work. I was *attempting* to offer constructive criticism, although you will not be the first to be offended by such attempts. Cheers, and good luck.

Cheers, and keep us informed about your progress.

[KiZ]

Fair enough. I have major loopholes in my code, in certain ways, and I see now that it really doesnt stand up. I made a program that can figure out the password using a piece of encrypted text, and the same, but non-encrypted text. I give up on this encryption thing =P Maybe when Im older and I have learnt more about crypto techniques.

[Nemesis]

I have been sitting here pondering what the best encryption algorithm might be. I am talking about an algorithm that is nearly impossible to decrypt. Anybody have any really good algorithms?[/code]

Yes, I do...
It's called Password Seeded Bit Encryption or P_S_B_E
it's practically impossible to decrypt without the password that encrypted it. (Works on any type of file :)

Check it out, and tell me what you think...

'''
' P_S_B_E (Password_Seeded_Bit_Encryption), version 1.1
'
' ©opyright 2004, Pure QB Innovations
'
'
' Email any questions, comments, or beta results to...
' ESmemberNEMESIS@aol.com
'
' Visit the Pure QB Innovations web site at...
' http://members.aol.com/esmembernemesis/index.htm
'
' THIS PROGRAM MAY BE DISTRIBUTED FREELY AS PUBLIC DOMAIN SOFTWARE
' AS LONG AS ANY PART OF THIS FILE IS NOT ALTERED IN ANY WAY.
' IF YOU DO WISH TO USE THESE ROUTINES IN YOUR OWN PROGRAMS
' THEN PLEASE GIVE CREDIT TO THE AUTHOR... Mario LaRosa.
'
'''
'
ON ERROR GOTO Event
'
DEFINT A-Z
'
SCREEN 0: WIDTH 80
'
GOSUB Title
GOSUB Menu
GOSUB File
GOSUB Pass
GOSUB Plant
GOSUB Algorithm
GOSUB Status
'
RUN
'
Title:
CLS
COLOR 8: LOCATE 25, 1: PRINT "( )opyright 2004,";
COLOR 7: LOCATE 25, 2: PRINT "C";
COLOR 4: LOCATE 25, 19: PRINT "Pure";
COLOR 2: LOCATE 25, 24: PRINT "QB";
COLOR 1: LOCATE 25, 27: PRINT "Innovations";
COLOR 8: LOCATE 1, 25: PRINT "Password_Seeded_Bit_Encryption"
COLOR 7: LOCATE 1, 25: PRINT "P"
LOCATE 1, 34: PRINT "S"
LOCATE 1, 41: PRINT "B"
LOCATE 1, 45: PRINT "E"
RETURN
'
Menu:
COLOR 8
PRINT : PRINT : PRINT
PRINT "Please choose an option..."
PRINT
PRINT " ["; : COLOR 7: PRINT "D"; : COLOR 8: PRINT "]ecrypt file"
PRINT " ["; : COLOR 7: PRINT "E"; : COLOR 8: PRINT "]ncrypt file"
PRINT " ["; : COLOR 7: PRINT "Q"; : COLOR 8: PRINT "]uit PSBE"
DO
K$ = INKEY$
SELECT CASE UCASE$(K$)
CASE "E"
Choice$ = "encrypt"
EXIT DO
CASE "D"
Choice$ = "decrypt"
EXIT DO
CASE "Q"
COLOR 7
SYSTEM
END SELECT
LOOP
RETURN
'
File:
GOSUB Title
COLOR 8
PRINT : PRINT : PRINT "Enter the name (including the source path),"
PRINT "of the file you wish to "; Choice$; "..."
COLOR 7: PRINT : LINE INPUT " "; File$
FileNum = FREEFILE
OPEN File$ FOR BINARY AS FileNum
LenFile& = LOF(FileNum)
IF LenFile& = 0 THEN CLOSE FileNum: KILL File$: ERROR 53
RETURN
'
Pass:
COLOR 8
PRINT : PRINT "Enter password to "; Choice$; " this file..."
COLOR 7
PRINT : LINE INPUT " "; Password$
LenPassword = LEN(Password$)
IF LenPassword < 1 THEN
COLOR 4
PRINT : PRINT "Password not legal."
SLEEP 2
RUN
END IF
RETURN
'
Plant:
seed& = &H8000
RANDOMIZE LenPassword
FOR x = 1 TO LenPassword
r = INT(RND(1) * LenPassword + 1)
seed& = seed& + ASC(MID$(Password$, r, 1)) + (&H100 * (x - 1))
NEXT
RANDOMIZE seed&
RETURN
'
Algorithm:
COLOR 4: PRINT : PRINT "Are you sure?"
COLOR 8: PRINT : PRINT " [ ]o or [ ]es";
COLOR 15: LOCATE 15, 3: PRINT "N"
LOCATE 15, 11: PRINT "Y"
DO
K$ = INKEY$
SELECT CASE UCASE$(K$)
CASE "Y"
COLOR 2: PRINT : PRINT "..."; Choice$; "ing..."
EXIT DO
CASE "N"
RUN
END SELECT
LOOP
DIM b AS STRING * 1
SELECT CASE Choice$
CASE "encrypt"
FOR i& = 1 TO LenFile&
GET FileNum, i&, b
r = INT(RND(1) * LenPassword + 1)
f = ASC(MID$(Password$, r, 1))
s = ASC(b)
n = (f + s) AND 255
b = CHR$(n)
PUT FileNum, i&, b
NEXT
CASE "decrypt"
FOR i& = 1 TO LenFile&
GET FileNum, i&, b
r = INT(RND(1) * LenPassword + 1)
f = ASC(MID$(Password$, r, 1))
s = ASC(b)
n = (s - f) AND 255
b = CHR$(n)
PUT FileNum, i&, b
NEXT
END SELECT
CLOSE FileNum
RETURN
'
Status:
COLOR 7
PRINT : PRINT "File has been "; Choice$; "ed."
SLEEP 2
RETURN
'
Event:
COLOR 4: PRINT : PRINT "File not found."
SLEEP 2
RUN
'

[Nemesis]

Hey everyone, I've noticed nobody had any comments on my encryption program, but I figured not to many of you are intrested
in this subject. For those that are, you'll notice this program is very secure, it's the most secure I've seen (for QBASIC) on the net.
I wrote this algorithm a while back as a challenge because a few programmers on an, AOL QB programming board, said I couldn't code an encryption routine and reveal the source code that they couldn't crack. Well they admitted their current machines couldn't
crack the encryption within their lifespans. (We all later became good friends).
Then last year I took that encryption algorithm and made P_S_B_E. The encryption is very secure because of a few things I'll point out.
First of all it's based on a random password that the user supplies,
it can be a short password, like 6 characters, or it can be a long one
like say 32 characters or even more. Since a hacker doesn't know the password, he won't know the length of the password either.
After a user enters his random password the program seeds the pseudo-random numbers with the length of the password and again with random bytes from the password...

Code:

seed& = &H8000
RANDOMIZE LenPassword
FOR x = 1 TO LenPassword
r = INT(RND(1) * LenPassword + 1)
seed& = seed& + ASC(MID$(Password$, r, 1)) + (&H100 * (x - 1))
NEXT
RANDOMIZE seed&

Now there's no telling where the randomizers seed will start
because first you don't know the length of the password,
and second, two passwords of the same length can have the same seed too, or even totally different seeds!
After the program seeds the randomizer, then it encrypts the selected file, byte X byte with random bytes from the password and adds them, rolling over any overflows.
The program simply uses revers logic when decrypting files.

Code:

DIM b AS STRING * 1
SELECT CASE Choice$
CASE "encrypt"
FOR i& = 1 TO LenFile&
GET FileNum, i&, b
r = INT(RND(1) * LenPassword + 1)
f = ASC(MID$(Password$, r, 1))
s = ASC(b)
n = (f + s) AND 255
b = CHR$(n)
PUT FileNum, i&, b
NEXT
CASE "decrypt"
FOR i& = 1 TO LenFile&
GET FileNum, i&, b
r = INT(RND(1) * LenPassword + 1)
f = ASC(MID$(Password$, r, 1))
s = ASC(b)
n = (s - f) AND 255
b = CHR$(n)
PUT FileNum, i&, b
NEXT
END SELECT
CLOSE FileNum

That's basically the scheme for my encryption routine,
very secure even with the source available!
One thing that sucks with this program is it's kinda slow since it reads/writes bytexbyte, I'll be working on another version soon that'll change the sluggishness by writing/reading 16 or 32 bytes at a time instead, and I'll maybe add a decent GUI too!

Cya!

P.S...

I went ahead and uploaded P_S_B_E at Pete's QB site...
http://www.petesqbsite.com/downloads/misc.shtml
you can grab a copy there and post a review if you wish.
THANX

[Z!re]

Any encryption can be beaten, either directly, or by using good ol' research, even talking to an amployee can give you a password. Then it no longer matters what encryption is used.



My old routine, not unbeatable, but extremely hard to crack:
(Note it generates a 1/1 encryption (plsu one extra byte) so chars < 31 may turn out and mess up the printed strings )

Code:

DEFINT A-Z
'$DYNAMIC
DECLARE FUNCTION Decode$ (in$, pass$)
DECLARE FUNCTION Encode$ (in$, pass$)

RANDOMIZE TIMER

CLS

'note same string and password in all 3 cases
Coded$ = Encode$("Hello, World Hello, World", "password here")
PRINT Coded$
PRINT Decode$(Coded$, "password here")

'note same string and password in all 3 cases
Coded$ = Encode$("Hello, World Hello, World", "password here")
PRINT Coded$
PRINT Decode$(Coded$, "password here")

'note same string and password in all 3 cases
Coded$ = Encode$("Hello, World Hello, World", "password here")
PRINT Coded$
PRINT Decode$(Coded$, "password here")

FUNCTION Decode$ (in$, pass$)
oin$ = in$
IF LEN(in$) < 2 THEN EXIT FUNCTION
t! = LEN(in$) / 2
m = INT(LEN(in$) / 2)
IF m = t! THEN
d1$ = LEFT$(in$, m - 1)
d2$ = RIGHT$(in$, m)
m$ = MID$(in$, m, 1)
ELSE
d1$ = LEFT$(in$, m)
d2$ = RIGHT$(in$, m)
m$ = MID$(in$, m + 1, 1)
END IF
in$ = d1$ + d2$
g = ASC(m$)
FOR a = 1 TO LEN(in$)
pl = pl + 1
IF pl > LEN(pass$) THEN pl = 1: q = q + 1
b = ASC(MID$(in$, a, 1))
IF g > 127 THEN
  c = ASC(MID$(pass$, LEN(pass$) - (pl - 1), 1))
ELSE
  c = ASC(MID$(pass$, pl, 1))
END IF
bc = b - c - g - a - pl - q
DO
  IF bc < 0 THEN bc = bc + 255
LOOP WHILE bc < 0
d$ = d$ + CHR$(bc)
NEXT
Decode$ = d$
in$ = oin$
END FUNCTION

FUNCTION Encode$ (in$, pass$)
g = (255 * RND + 255 * RND) * RND
IF g > 255 THEN g = g - 255
FOR a = 1 TO LEN(in$)
pl = pl + 1
IF pl > LEN(pass$) THEN pl = 1: q = q + 1
b = ASC(MID$(in$, a, 1))
IF g > 127 THEN
  c = ASC(MID$(pass$, LEN(pass$) - (pl - 1), 1))
ELSE
  c = ASC(MID$(pass$, pl, 1))
END IF
bc = b + c + g + a + pl + q
DO
  IF bc > 255 THEN bc = bc - 255
LOOP WHILE bc > 255
c$ = CHR$(VAL("&H" + HEX$(bc)))
d$ = d$ + c$
NEXT
g$ = CHR$(VAL("&H" + HEX$(g)))
t! = LEN(d$) / 2
m = INT(LEN(d$) / 2)
IF m = t! THEN
p1$ = LEFT$(d$, m)
p2$ = RIGHT$(d$, m)
d$ = p1$ + g$ + p2$
ELSE
p1$ = LEFT$(d$, m)
p2$ = RIGHT$(d$, m + 1)
d$ = p1$ + g$ + p2$
END IF
Encode$ = d$
END FUNCTION

[Mac]

OK, nemisis, I will comment on your code

Heh! I suspect the only acceptable comment is simply "Wow! That is certainly secure and engenious" and any lengthy analysis is boring and to be ignored. But anyway, here goes....

You used:
  r = INT(RND(1) * LenPassword + 1)
  f = ASC(MID$(Password$, r, 1))
to get then encryption/decryption displacement.

The code normally used is
  f = INT(RND(1) * 256)

If you run the program at the end of this reply, you will see that in an example, f only has the following values:
32, 66, 83, 97, 99, 100, 101, 104, 110, and 121
whereas in the normal method, f has values from 0 to 255.

If I had a cryptogram produced by your program, I would have a head start knowing that I don't have all 255 displacements to worry about. Even though I don't know how many, I know that it is probably less than 33. Maybe even 6 or 7!

Let's assume an encrypted English text. Then I would take the first character of the cryptogram and compute what values of displacements would yield a-z,A-Z,0-9,and punctuation. Continue for all other characters. Using this, I could quickly determine the list, especially since the displacements are known to be ASC values of characters typically used to create passwords.

This technique does not apply to the conventional method as it would simply yield the result that the list is 0 through 255.

So anyway, assuming the password used below, the list would be found. It would be seen that 97 was used twice as much, so the list is really
32, 66, 83, 97, 97, 99, 100, 101, 104, 110, and 121

In other words, every character is encrypted using one of those numbers, even though we still don't know which one.

I won't continue, but it is no great challenge to decrypt using all those hints.

I recommend changing to the normal method or, even better, to a version of RND better suited to encryption.

The QBasic Forum has a subforum, "QBasic programs you are proud of".
http://www.network54.com/Forum/178387

I have posted there under "Mac" an elaborate encryption program (SuperC) and then noted a problem: "Security weakness uncovered".

Finally, I posted "On the trail to the solution of the security weakness", including a subroutine, CRND, which provides a long enough series.

You are welcome to use it.

Mac

'================================

CLS
DIM Used(255) AS INTEGER ' Used(f)=How many times f was used.
PRINT "---------------------- Method you chose"
y = RND(-2345)
Password$ = "Sandy Beach"
LenPassword = LEN(Password$)
FOR i = 1 TO 5000
  r = INT(RND(1) * LenPassword + 1)
  f = ASC(MID$(Password$, r, 1))
  Used(f) = Used(f) + 1
NEXT i
FOR i = 0 TO 255
  IF Used(i) > 0 THEN PRINT i, Used(i): Used(i) = 0
  NEXT i: PRINT
PRINT "--------------------- Method normally used"
y = RND(-2345)
FOR i = 1 TO 5000
  f = INT(RND(1) * 256)
  Used(f) = Used(f) + 1
NEXT i
FOR i = 0 TO 55: PRINT Used(i); " "; : NEXT i: PRINT
FOR i = 200 TO 255: PRINT Used(i); " "; : NEXT i: PRINT
SYSTEM

[Nemesis]

You used:
r = INT(RND(1) * LenPassword + 1)
f = ASC(MID$(Password$, r, 1))
to get then encryption/decryption displacement.

The code normally used is
f = INT(RND(1) * 256)

There's a few things I think you over looked.
Using int(RND(1)*256) leaves a big hole in security because
that would follow a pattern in QB's pseudo-random # list.
Just loking through the source would reveal that you are in fact generating a 256 random number, which wouldn't really be so random after all. Now, using random numbers based off the password is much more random because the password is random itself. Also the password isn't limited to typical characters.
Your password can be, say 100+ characters long with odd characters like... _É¢ª¦Åô¼, so you are in fact able to use all 256 displacements if you think about it

Cya.

[anarky]

A good decryption algorithm MUST have a password or random numbers to be good. And if they have both then it's even better. What about swapping the bits of all the data in the file? I mean using a password and then from that password, perform some swapping of the bits of all the data. Or even better, invent your own language, then use an encryption on it! Nobody will be able to decrypt something in a different language. Something like aliens sending us a message, we would never know what the message is. Well, WE wouldn't, but the government and military would know in time.

That's how mine is designed to work, amongst password encoding etc.

Here are the steps (I actually made it for an archiving utility):
1. Pack all files into one unencoded file
2. Prompt for password 8 chars or more
3. Generate sequence number from that password
4. Alternately raise and lower character values for each digit of the string, increasing in length per segment for each generated number placement IE: #1234 1byte raise 1 character (a=b), 2bytes lower (df=bd), etc
5. Run twice over code, after performing a test decryption to verify (I still have trouble with this method as sometimes it leaves a decrypted file corrupt)
6. Using same number, store decryption algorithm digits sperately at certain points of the ALREADY ENCRYPTED file
7. Pass file through a level three encryption based on that number
8. Close file

Decrypting is the reverse:
1. Prompt for password
2. Generate number using same algorithm (secretly embedded in the program
3. Using number, pass file through level three security clearance
4. At preset points in file, gather numbers to build decryption code
5. Verify if entered and stored numbers match. If so, password is correct, continue decryption
6. Pass through decryption in the reverse stated above, file should be decrypted completely

In the unpacking process, this is built into the setup engine. After decryption (and uncompression (still dodgy)) files are unpacked to seperate files and checked against a file table built into the setup program. If there is a mismatch, the password is still incorrect. If all is ok, then you have success.

Hope that's not too complex for you. The fact that mine is compressed also makes it doubly difficult to hack. Who's going to know it's compressed. Do you want the algorithm for my compression routine? HAHAHAA!!! Forget it!

>anarky - secretive as always.