Data Encryption

[KiZ]

I was wondering wether someone would pick up on that.
What I neglected to mention was, that it stores the random number at the beggining of the number String

IE

encodedstring = randomnumber + text XORed with Password XORed with number at start of string.


Really, its just to make it all the more confusing for the decryptors. Not that they could decrypt it without the password, anyway.

The random number just makes it different every time, eg if you were passing these as private commands in an OS and you didnt want any observers to know what was being passed, then they wouldnt even know if you had passed the same one twice, because it would appear different everytime. =)

[ca336458]

A good decryption algorithm MUST have a password or random numbers to be good. And if they have both then it's even better. What about swapping the bits of all the data in the file? I mean using a password and then from that password, perform some swapping of the bits of all the data. Or even better, invent your own language, then use an encryption on it! Nobody will be able to decrypt something in a different language. Something like aliens sending us a message, we would never know what the message is. Well, WE wouldn't, but the government and military would know in time. :rotfl:

[whitetiger0990]

nah aliens wont contact us. unless they are evil. it would mess up us all up. ever hear of the "Prime directive"?



:wtnod2:



edit: working... on.... algorithm... now.....

[KiZ]

A good decryption algorithm MUST have a password or random numbers to be good.

So does that mean you like my routine?

[ca336458]

A good decryption algorithm MUST have a password or random numbers to be good.

So does that mean you like my routine?

Yes, I like the routine, but just as long as you realize that XORing 2 equal #'s (2 XOR 2) then you will get 0. So you would have to watch for that. You could add some more encryption layers to your code to make it even harder to crack. What I mean is you can execute your code, then maybe reverse(1=0, 0=1) all the bits in the data, then write the data from end to beginning, etc. To make it better, maybe your should force the user to enter a long password and generate more than one random number. :rotfl:

[Mango]

I was wondering wether someone would pick up on that.
What I neglected to mention was, that it stores the random number at the beggining of the number String

IE

encodedstring = randomnumber + text XORed with Password XORed with number at start of string.

This is totally weak. Suppose an attacker gives you a file to encrypt. He now has a plaintext/cyphertext pair. Based on your scheme, he can easily recover your original password and unencrypt any other file you have encrypted using the same password.

Any decent crypto-system should not be vulnerable to such a trivial "chosen plaintext" attack.

You might not think that this is important...you would be mistaken. Suppose the attacker doesn't know the whole contents of the file...rather he just knows it's a Word document. It is quite possible that knowledge of particular bytes in the Word file structure would be enough to back out your password!!! This is a major vulnerability.

Cheers.

[KiZ]

Yes, but he wouldnt know the structure of the encoded string. That is secret. I mean, even if I encoded some text he gave me, he still couldnt work it out unless he knew about what the number on the front did, and how to use it. And besides, the script is not for encoding text documents. It would be for encoding short messages or commands. =P

No need to be so condescending.

[Mango]

Yes, but he wouldnt know the structure of the encoded string. That is secret. I mean, even if I encoded some text he gave me, he still couldnt work it out unless he knew about what the number on the front did, and how to use it. And besides, the script is not for encoding text documents. It would be for encoding short messages or commands. =P

No need to be so condescending.

sorry...didn't mean to be condescending. Just trying to point out issues that others, smart people who have given encryption a great deal of thought, have come up with.

On another note...any decent encryption routine should remain secure *even if your attacker has your source code*. This is critical. "Security through obscurity" is a recipe for disaster.

Seriously...I'm not being condescending. Crypography has many layers and issues. If you are seriously interested there is a bunch of free literature available. The "Handbook of applied cryptography" is a good free place to start...available on the net for free. I wrote my first crypto in QB...using what I thought was a good PRNG. After learning a bunch, I understood that my supposedly good PRNG leaked state like a sieve, and I had neglected to include authentication. I then went and learned c++ because QB was ill-suited to providing an efficient implementation.

In my first post, I provide a link to the latest version of my encryption program/source. I don't claim that it is the bomb...however, I've dealt with each issue as I have come to understand it. It deals with many issues that weren't obvious to me until I had learned a bunch about the history of crypto. I was just trying to help you bypass some pitfalls that *I* made as I became interested in cryptography.

Cheers, and keep talking...it'll make whatever you develop more secure...which is the goal, after-all. You should avoid getting your ego involved. Ego and crypto don't mix...ego will lead to blindness...and weak crypto...good luck.

[na_th_an]

Yeah.

Mathematicians have been ages developing secure crypto systems. A simple XOR system will always be easily beaten by a dictionary attack, you can do what you want, that it is true.

If you want a good cryptosystem, google for RSA.

[KiZ]

Cheers, and keep talking...it'll make whatever you develop more secure...which is the goal, after-all. You should avoid getting your ego involved. Ego and crypto don't mix...ego will lead to blindness...and weak crypto...good luck.

Ego? Who ever said anything about my Ego? What has that got to do with it? Please, you are mistaken if you thought that I thought my crypto function was "Great" and "really secure". I doubt that it stands up at all compared to modern crypto routines. Im just pleased with it, seeing as I dont even understand how proper ones work, and I have never studied them.