Jump to content
  • Advertisement

Archived

This topic is now archived and is closed to further replies.

KalvinB

encryption scheme

This topic is 6012 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Advertisement
The key is not random and infinite if it''s generated mathematically.

Anyway, here''s some things to look at:

1) Some keys will be weaker than others.
2) Let A and B be files you want to encrypt, and C be the sequence generated by a key. If A and B are -both- encrypted with C, then after encryption, you have A^C and B^C. If someone intercepts these files, then they can easily find A^B, which can be recovered (by an expert).
3) If I start guessing parts of the original, unencrypted file, then I can just xor it with the encrypted file to find part of the generated sequence. Then I can use that, and the position in the file, to find a pretty good guess for the key.

(related to your implementation)
4) The pow() can be replaced by one multiplication per iteration.
5) Four lines:

if (ch==''+'')
    key->add = true;
else
    key->add = false;

One line:
key->add = (ch == ''+'');


Problems 2, 3, 4 and 5 should be easy to solve, but number 1... I don''t know.

Share this post


Link to post
Share on other sites
To test the "randomness" of the key it would be possible to output the results of the equation to a raw file and see what the image looks like.

1) running your key through a bitmap works best for testing. For instance, if you set your key file to

12
d

Then just use a paint program to load the raw data. The picture will be messed up a bit but still recognizable. That''s where with the sample pic at the site you can see just how "random" it comes out. Applying that key to any file will distort it just as much.

Also compare compressing the original file to compressing the encrypted file. The closer the two are in size, the worse your key is.

2) Never use the same key twice. Adding in an extra power to the equation for each file or changing a number is easy.

3) If I just gave you the encrypted file the odds of you guessing it was the unabomber would be pretty low. This basically comes down to making sure the key creates a file that has zero resemblence to the original.

implementation
4) Breaking that down would just add a second loop rather than using a predefined function that does the same thing.

5) I''ll change those.

Thanks for the feedback. This is pretty much a "because I can project" and also a good intro project to linked lists.

Ben


[The Rabbit Hole | The Labyrinth | Programming | Gang Wars | The Wall]

Share this post


Link to post
Share on other sites
like all things,
before you go about trying to figure out how to encrypt, you need to think about what encryption is, what it is used for, how it is used, and etc.

there are several steps to encrypting. first off, you need to do a sort of uml.
-what are the capabilities of my platform?
-how long does the encryption need to be secure?
if a specific algorithm only needs to perform for, say, a few seconds, then complexity may not be as much of an issue compared to an algorithm that needs to be secure for a decade.
-how does it need to be decrypted?
by computer, hand, mental-figuring; keys, equations, masks, etc
-how should it not be decrypted?
etc etc...

there are several steps to make an effective encryption:

-first, disassociate the infromation from its true nature - - hide it in a bitmap, for instance.
-2, alter the data frequencies - - if you are encoding a text file known by interceptors to be english, then you want to destroy the known frequencies of letters in english words...
-3, make a useful and practical encryption scheme, thats for u to research.

i dont think an expert (im not a cryptanalyst, fyi) would have a problem with ur method.

there are ways of encryption that are impossible to break.
one of the easiest ways is using much data to represent values, and also much useless data.

for instance, create a bitmap in word, draw a bunch of text of varing colors and crap on it, and then type some relevant text somewhere ... the *file* will have so much info in it, its impossible to crack for several reasons. 1) each element of data is composed of many bytes, the letter ''T'' being x pixels of y depth. 2) there are slews of random, unrelated data among relevant data. 3) you can apply encryption to the actual text prior to insertion.

these ideas can be applied to software too, i have seen programs that reorganize stuff so it cannot be decompiled easy. with files, you simply need to disassociate the data from known interfaces, like word or paint.

Share this post


Link to post
Share on other sites
1) Yes, it''s pretty easy to check how strong the key is.
2) Other encryption algorithms don''t have that limitation.
3) Fine until you try to encrypt text (such as confidential documents).
4) You don''t need a second loop when you can re-use the first one. What you''re doing is (effectively) this:

for(int i = 0; i < 20; ++i) {
    printf("%i ", (int)pow(2, i));
}

What I''m recommending is this:

int power_of_2 = 1;
for(int i = 0; i < 20; ++i) {
    printf("%i ", power_of_2);
    power_of_2 *= 2;
}

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
Writing a good PRNG (pseudo random number generator) is the key problem and one of the most difficult tasks in the field of cryptography. You won''t believe the methods good cryptanalysts have to break PRNGs. Yours is, sorry to say, a very weak one. The formula is mathematically not secure in itself. If you know (in the slightest detail) the cryptanalytic methods used by professionals (eg. if you are a professional yourself), then you can specifically design a formula, that is more resistent against those attacks. Those equations typically are full of mathematically non-reversable tricks, prime numbers, permutations, hashing tables. And even complex PRNGs are broken.

Looking at a noise image doesn''t say much of the real quality of a PRNG. You have to go a lot deeper, if you want to track it''s security: probabilities for certain bitpatterns to appear, repeating patterns, constant shifts, etc. Eg. you have to analyze, if bit 3 of each byte output has a probability to be more often a 1 (instead of a 0) each fifth byte, in that case, it is a weak point. Just a single example, in reality, it''s a lot more involved. It''s real hard mathematic work, and it can take years by professionals to give the label ''secure for use'' to a new PRNG.

Have a look at http://cnscenter.future.co.kr/crypto/algorithm/block.html#analysis, you might be shocked to see *what* kind of methods cryptanalysis uses. I''d say, stay with proven technology. That''s even more important in the field of cryptography.

- AH

Share this post


Link to post
Share on other sites

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!