Vortez

What do you think of my encryption algorithm


MichaelNIII    195
I know it's been said a ton. But they are right. I will disagree that working on your own cyphers is a bad thing. More so because your understanding will be worth the mistakes. However, if you need to be able to undo the cypher on the user's computer then it kinda is pointless. If you are trying to make sure they can't use false files for your game and are encrypting them oddly to keep people from making alternative textures - stop, this isn't the way to go. I would suggest getting an md5 or such of the file, and then when you load the image check to make sure its md5 is the same as the one distributed with the program. This is hackable, however it is a much better alternative.

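The load-time hash check suggested in the post above, as an added example that is not part of the thread. It assumes SHA-256 in place of the MD5 the post names, and the file names and helper functions are hypothetical; the manifest is only as trustworthy as the place it is stored.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def file_digest(path, algo="sha256", chunk=65536):
    """Hash a file in chunks so large textures are not read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()

def build_manifest(root, algo="sha256"):
    """Map each file's relative path to its digest; this is what ships with the program."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p, algo)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_asset(root, rel_path, manifest, algo="sha256"):
    """Return 'ok', 'modified', 'missing' or 'unlisted' for one asset at load time."""
    expected = manifest.get(rel_path)
    if expected is None:
        return "unlisted"              # file the distribution never contained
    path = Path(root) / rel_path
    if not path.is_file():
        return "missing"
    same = hmac.compare_digest(file_digest(path, algo), expected)
    return "ok" if same else "modified"

def demo():
    with tempfile.TemporaryDirectory() as d:   # constructed sample assets
        root = Path(d)
        (root / "wall.png").write_bytes(b"original wall texture")
        (root / "floor.png").write_bytes(b"original floor texture")
        (root / "sky.png").write_bytes(b"original sky texture")
        manifest = build_manifest(root)        # done once, at build time
        (root / "wall.png").write_bytes(b"replacement texture")  # altered later
        (root / "floor.png").unlink()                            # deleted later
        names = ("wall.png", "floor.png", "sky.png", "extra.png")
        return {n: verify_asset(root, n, manifest) for n in names}

if __name__ == "__main__":
    print(demo())
```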
ApochPiQ    23010
Just use a known asymmetric encryption scheme. Secure network transmission is a well-explored problem, and believe me when I say you're just begging for someone to come along and break your attempted encryption in a matter of minutes of reverse engineering.

xGummy    114

The golden rule for programmers producing their own encryption algorithms is "DON'T". Anything you produce is likely to provide very poor security. Just pick one of the established algorithms designed by cryptography experts that's easy to implement (like XTEA).

Unless of course you're interested in cryptography. In which case you're better off studying the existing algorithms and what makes them effective rather than trying to come up with something new from scratch.

I agree it's better to use an existing algorithm if the goal is to actually secure data. But if the goal is to play with cryptography and learn, then doing your own stuff is fun and educational. But, in that process, also learn as much as you can because starting out, what you're trying is bound to be the simplest possible way of doing things... and hence the most insecure.

Bacterius    13165

So what algorithm would be fast AND secure enough for this kind of thing? (network encryption)

 

SSL/TLS with a decent cipher suite.

 

There are an immense number of pitfalls you can (and will) fall into if you try to design your own encryption algorithm and protocol. A few of them:

- inadequate privacy, this just means your cipher sucks and can be broken by simple cryptanalysis or brute force

- inadequate integrity, someone can modify your stuff in transit and you haven't implemented secure checks for this

- inadequate authentication, someone can impersonate whoever you are trying to communicate with (by intercepting the TCP connection and imposing himself as a middle man) and you wouldn't even know

- replay attacks

- weak password exchange schemes

- side channel attacks

- reverse engineering

- and a thousand more threats you and I cannot even begin to conceive

 

Also, in cryptography, you always prepare for the worst. Saying that only you and your mother are going to use the application is *not* a valid argument. If that is the case, and you are not anticipating anyone trying to attack your protocol, why even bother? You may as well do nothing at all, since you don't know what you are going to defend against. Otherwise, you need to set up a realistic threat model (for instance, I agree it is unlikely your protocol will be targeted by an APT - advanced persistent threat, that's stuff like governments and security agencies - but a lone bored hacker might come across your router, scan it, find an open port, eavesdrop on your protocol, learn it, break it, and then start doing lots of damage).

 

With some cryptography training it is plausible to create your own limited, specialized cryptographic high-level protocol for when nothing else really works, but it still requires a lot of work and peer review, and that does not include whole ciphers and hash functions. If you do that for anything other than learning and fun (which is a fine goal in and of itself, by the way - cryptography is fascinating), then you have failed as a responsible developer.

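Two of the pitfalls listed in the post above (integrity and replay), as an added example that is not part of the thread: encryption alone accepts a packet altered in transit, while a MAC over a sequence number plus the ciphertext rejects both the altered packet and a resent one. The toy stream cipher, the packet layout and the pre-shared keys are assumptions made for illustration; TLS performs these checks for you and also handles the authentication and key exchange this sketch leaves out.

```python
import hashlib
import hmac
import os

def keystream_xor(key, nonce, data):
    """Toy stream cipher (SHA-256 in counter mode); illustration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(enc_key, mac_key, seq, plaintext):
    """Encrypt, then MAC sequence number + nonce + ciphertext together."""
    header = seq.to_bytes(8, "big") + os.urandom(16)
    ct = keystream_xor(enc_key, header[8:], plaintext)
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return header + ct + tag

class Receiver:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key, self.next_seq = enc_key, mac_key, 0
    def open(self, packet):
        if len(packet) < 8 + 16 + 32:
            raise ValueError("truncated packet")
        header, ct, tag = packet[:24], packet[24:-32], packet[-32:]
        expected = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            raise ValueError("integrity check failed")
        if int.from_bytes(header[:8], "big") != self.next_seq:
            raise ValueError("replayed or out-of-order packet")
        self.next_seq += 1
        return keystream_xor(self.enc_key, header[8:], ct)

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # constructed keys
    rx = Receiver(enc_key, mac_key)
    good = seal(enc_key, mac_key, 0, b"GOLD +0010")    # constructed message
    bad = bytearray(good)
    bad[24 + 6] ^= ord("0") ^ ord("9")                 # one byte altered in transit
    # Decrypting without checking the tag: no error, different plaintext.
    unauth = keystream_xor(enc_key, bytes(bad[8:24]), bytes(bad[24:-32]))
    results = {"unauthenticated": unauth}
    for name, pkt in (("tampered", bytes(bad)), ("first", good), ("replay", good)):
        try:
            results[name] = rx.open(pkt)
        except ValueError as err:
            results[name] = str(err)
    return results
```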
frob    44920

I'm fully aware that my code isn't very secure, I just do this to experiment mostly. I might try other tested encryption techniques too when I have the time, I just love to do everything in my projects by myself, that's all.

 

If learning is the goal, go read books like Applied Cryptography by Bruce Schneier.

 

You will learn far more by reading books about crypto than by toying around on your own.
