Qbasicnews.com
December 12, 2019, 02:30:28 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Back to Qbasicnews.com | QB Online Help | FAQ | Chat | All Basic Code | QB Knowledge Base
 
   Home   Help Search Login Register  
Pages: [1] 2
  Print  
Author Topic: Data Encryption  (Read 11343 times)
ca336458
New Member

Posts: 16



« on: May 26, 2004, 12:38:49 AM »

I have been sitting here pondering what the best encryption algorithm might be. I am talking about an algorithm that is nearly impossible to decrypt. Anybody have any really good algorithms?[/code]
Logged

Fade to nothing... your weakness disgusts me..."
Neo
Na_th_an
*****
Posts: 2150



« Reply #1 on: May 26, 2004, 11:35:50 AM »

An encryption algo that isn't decryptable sucks! Cheesy
Take a look at this very *d'Oh* example:
Code:
INPUT "String to encrypt:", M$
PRINT "Encrypted: " + CHR$(186)


But there are numerous of encryptions that are hard to decrypt. Note that COMPRESSION = a form of ENCRYPTION. So you could search on google for COMPRESSION (you'll turn to LZW probably) Wink
Logged
Mango
Wandering Guru
***
Posts: 360



« Reply #2 on: May 27, 2004, 02:57:53 AM »

Quote from: "ca336458"
I have been sitting here pondering what the best encryption algorithm might be. I am talking about an algorithm that is nearly impossible to decrypt. Anybody have any really good algorithms?[/code]


one way is...get a good (crypto-quality) hash function, and a good (crypto-quality) Pseudo random number generator.  Your hash function should have the following characteristics:
low probability of collisions
non-feasable to find data that hashes to a particular value

The PRNG should have the following features:
statistically random output
does not leak internal state at a rate that would be useful for attackers (ie internal state cannot be determined from long runs of output)

once you have good hash and PRNG functions, you could build a system like the following...

to encrypt:
1 get password to encrypt file
2 hash the password
3 hash the file
4 seed the PRNG with 2 & 3
5 encrypt the file by combining file data with PRNG output
6 hash the encrypted file
7 seed a second PRNG with 2 & 6
8 encrypt 3 with 7
9 write the encrypted composit consisting of 8 & 5


To unencrypt...
1 get password
2 hash password
parse the encrypted composit file into:
3 the encrypted hash of the original file
4 the encrypted file
5 hash 4
6 seed a PRNG with 2 & 5
7 unencrypt 3 with 6
8 hash 7
9 seed a second PRNG with 2 & 8
10 unencrypt  4 with 9

Which would offer data integrity and authentication.  The security of this type of system rests on the security of the password.  If you make it costly to test each password, (eg takes several seconds of processing to seed the PRNG) then you should be pretty good, even if you don't want to use a very long password.  Another thing that this kind of scheme does is...even if an attacker has a plaintext/cyphertext pair, he can't recover your password, or attack another file encrypted using the same password.

The pitfalls are many...and the learned folk on the sci.crypt newsgroup generally reccomend against "rolling your own", and reccomend using techniques that are "tried and true".  I've rolled one in c++...currently at <Version 1060> ...that works...it's a console app but it's easy to use in windows...just "drag-n-drop" or "send-to" files to the exe and it launches and prompts for passwords, etc.  I've had fun making the system, and have learned tons, but don't expect people to give you praise for your work.  Instead, people with knowledge will PooPoo your efforts, call it "snake-oil" and worse, and no one else will care...however, I encourage you to learn about, plan, and implement crypto...it's challenging and interesting.  

Good luck.
Logged
na_th_an
*/-\*
*****
Posts: 8244



WWW
« Reply #3 on: May 27, 2004, 11:08:34 AM »

RSA and another methods of public/private password are impossible to decrypt without the password.
Logged

SCUMM (the band) on Myspace!
ComputerEmuzone Games Studio
underBASIC, homegrown musicians
[img]http://www.ojodepez-fanzine.net/almacen/yoghourtslover.png[/i
Neo
Na_th_an
*****
Posts: 2150



« Reply #4 on: May 27, 2004, 11:12:46 AM »

How about md5 CRCs? Can't it be applied to a larger scale?
Logged
ca336458
New Member

Posts: 16



« Reply #5 on: May 27, 2004, 12:25:06 PM »

The best way to encrypt is similar to winzip and wordperfect, programs that let you password lock a file. What you do is you ask the user for a password. You use this password to do something to the data. You don't store the password in the data at all. So in order to decrypt the data, the user would have to input the correct password. If they enter the wrong one, then what they get is random data based on the password they gave. And of course, the longer the password is, the better. It works well because disassembling the program that you use, will give you no clue either. Well, unless you are psychic and can read the person's mind for the password. So I guess there is no way to encrypt something that would make it impossible to decrypt.
Logged

Fade to nothing... your weakness disgusts me..."
na_th_an
*/-\*
*****
Posts: 8244



WWW
« Reply #6 on: May 27, 2004, 12:56:10 PM »

Quote from: "Neo"
How about md5 CRCs? Can't it be applied to a larger scale?


MD5 is a summing-up function. It sums up the message, then gets encrypted to create digital signatures or certificates. It is not a crypto-system itself.
Logged

SCUMM (the band) on Myspace!
ComputerEmuzone Games Studio
underBASIC, homegrown musicians
[img]http://www.ojodepez-fanzine.net/almacen/yoghourtslover.png[/i
oracle
*/-\*
*****
Posts: 3652



WWW
« Reply #7 on: May 27, 2004, 05:39:48 PM »

... and it's impossible for a computer to decrypt anyway Wink
Logged

KiZ
__/--\__
*****
Posts: 2879


WWW
« Reply #8 on: May 28, 2004, 05:53:54 AM »

Yey. I made a crypto function yesterday. Quite pleased with it really. Impossible to crack without the password. When you put the same word and password in to be encrypted twice, you can get different results each time! Very secure.

Method -

-takes a random number
-XORs the random number with each ASCII of the password.
-Then XORs each ASCII Char code of the text to be encrypted with the new password.
-Produces a long number string, different every time.

-can be decrypted fine every time.

What do you guys think of the method?
Logged
ca336458
New Member

Posts: 16



« Reply #9 on: May 28, 2004, 12:25:08 PM »

How do you decrypt the data if you are XOR(ing) your password with random numbers? To decrypt the program would XOR each char of the password that the user enters. How does the program know which random numbers to use?
Logged

Fade to nothing... your weakness disgusts me..."
KiZ
__/--\__
*****
Posts: 2879


WWW
« Reply #10 on: May 28, 2004, 03:57:31 PM »

I was wondering wether someone would pick up on that.
What I neglected to mention was, that it stores the random number at the beggining of the number String Wink

IE

encodedstring = randomnumber + text XORed  with Password XORed with number at start of string.


Really, its just to make it all the more confusing for the decryptors. Not that they could decrypt it without the password, anyway.

The random number just makes it different every time, eg if you were passing these as private commands in an OS and you didnt want any observers to know what was being passed, then they wouldnt even know if you had passed the same one twice, because it would appear different everytime. =)
Logged
ca336458
New Member

Posts: 16



« Reply #11 on: May 28, 2004, 06:17:51 PM »

A good decryption algorithm MUST have a password or random numbers to be good. And if they have both then it's even better. What about swapping the bits of all the data in the file? I mean using a password and then from that password, perform some swapping of the bits of all the data. Or even better, invent your own language, then use an encryption on it! Nobody will be able to decrypt something in a different language. Something like aliens sending us a message, we would never know what the message is. Well, WE wouldn't, but the government and military would know in time.  :rotfl:
Logged

Fade to nothing... your weakness disgusts me..."
whitetiger0990
__/--\__
*****
Posts: 2964



WWW
« Reply #12 on: May 28, 2004, 06:28:08 PM »

nah aliens wont contact us. unless they are evil. it would mess up us all up. ever hear of the "Prime directive"?



 :wtnod2:



edit: working... on.... algorithm... now.....
Logged


[size=10]Back by popular demand!
I will byte and nibble you bit by bit until nothing remains but crumbs.[/size]
KiZ
__/--\__
*****
Posts: 2879


WWW
« Reply #13 on: May 29, 2004, 06:57:44 AM »

Quote from: "ca336458"
A good decryption algorithm MUST have a password or random numbers to be good.


So does that mean you like my routine?
Logged
ca336458
New Member

Posts: 16



« Reply #14 on: May 29, 2004, 01:30:08 PM »

Quote from: "dark_prevail"
Quote from: "ca336458"
A good decryption algorithm MUST have a password or random numbers to be good.


So does that mean you like my routine?


Yes, I like the routine, but just as long as you realize that XORing 2 equal #'s (2 XOR 2) then you will get 0. So you would have to watch for that. You could add some more encryption layers to your code to make it even harder to crack. What I mean is you can execute your code, then maybe reverse(1=0, 0=1) all the bits in the data, then write the data from end to beginning, etc. To make it better, maybe your should force the user to enter a long password and generate more than one random number.  :rotfl:
Logged

Fade to nothing... your weakness disgusts me..."
Pages: [1] 2
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!