encryption scheme
Author
Project page with source, exe, example and explaination
I''ve come up with a way to a create a seemingly random and infinitly sized key to encrypt files.
How easy would this be to crack without the key? Is it something worth using?
Ben
[The Rabbit Hole | The Labyrinth | Programming | Gang Wars | The Wall]
The key is not random and infinite if it''s generated mathematically.
Anyway, here''s some things to look at:
1) Some keys will be weaker than others.
2) Let A and B be files you want to encrypt, and C be the sequence generated by a key. If A and B are -both- encrypted with C, then after encryption, you have A^C and B^C. If someone intercepts these files, then they can easily find A^B, which can be recovered (by an expert).
3) If I start guessing parts of the original, unencrypted file, then I can just xor it with the encrypted file to find part of the generated sequence. Then I can use that, and the position in the file, to find a pretty good guess for the key.
(related to your implementation)
4) The pow() can be replaced by one multiplication per iteration.
5) Four lines:
if (ch==''+'')
key->add = true;
else
key->add = false;
One line:
key->add = (ch == ''+'');
Problems 2, 3, 4 and 5 should be easy to solve, but number 1... I don''t know.
Anyway, here''s some things to look at:
1) Some keys will be weaker than others.
2) Let A and B be files you want to encrypt, and C be the sequence generated by a key. If A and B are -both- encrypted with C, then after encryption, you have A^C and B^C. If someone intercepts these files, then they can easily find A^B, which can be recovered (by an expert).
3) If I start guessing parts of the original, unencrypted file, then I can just xor it with the encrypted file to find part of the generated sequence. Then I can use that, and the position in the file, to find a pretty good guess for the key.
(related to your implementation)
4) The pow() can be replaced by one multiplication per iteration.
5) Four lines:
if (ch==''+'')
key->add = true;
else
key->add = false;
One line:
key->add = (ch == ''+'');
Problems 2, 3, 4 and 5 should be easy to solve, but number 1... I don''t know.
Author
To test the "randomness" of the key it would be possible to output the results of the equation to a raw file and see what the image looks like.
1) running your key through a bitmap works best for testing. For instance, if you set your key file to
12
d
Then just use a paint program to load the raw data. The picture will be messed up a bit but still recognizable. That''s where with the sample pic at the site you can see just how "random" it comes out. Applying that key to any file will distort it just as much.
Also compare compressing the original file to compressing the encrypted file. The closer the two are in size, the worse your key is.
2) Never use the same key twice. Adding in an extra power to the equation for each file or changing a number is easy.
3) If I just gave you the encrypted file the odds of you guessing it was the unabomber would be pretty low. This basically comes down to making sure the key creates a file that has zero resemblence to the original.
implementation
4) Breaking that down would just add a second loop rather than using a predefined function that does the same thing.
5) I''ll change those.
Thanks for the feedback. This is pretty much a "because I can project" and also a good intro project to linked lists.
Ben
[The Rabbit Hole | The Labyrinth | Programming | Gang Wars | The Wall]
1) running your key through a bitmap works best for testing. For instance, if you set your key file to
12
d
Then just use a paint program to load the raw data. The picture will be messed up a bit but still recognizable. That''s where with the sample pic at the site you can see just how "random" it comes out. Applying that key to any file will distort it just as much.
Also compare compressing the original file to compressing the encrypted file. The closer the two are in size, the worse your key is.
2) Never use the same key twice. Adding in an extra power to the equation for each file or changing a number is easy.
3) If I just gave you the encrypted file the odds of you guessing it was the unabomber would be pretty low. This basically comes down to making sure the key creates a file that has zero resemblence to the original.
implementation
4) Breaking that down would just add a second loop rather than using a predefined function that does the same thing.
5) I''ll change those.
Thanks for the feedback. This is pretty much a "because I can project" and also a good intro project to linked lists.
Ben
[The Rabbit Hole | The Labyrinth | Programming | Gang Wars | The Wall]
You can definetly see a pattern in the encrypted data. A really good encryption scheme will look like gussian-noise.
Author
That particular equation sucks much. I created one that had no discernable pattern in a 350x480 image. Very colorful.
You really just have to mess around and with key values for a bit. Dividing by prime numbers seems to work best.
Ben
[The Rabbit Hole | The Labyrinth | Programming | Gang Wars | The Wall]
You really just have to mess around and with key values for a bit. Dividing by prime numbers seems to work best.
Ben
[The Rabbit Hole | The Labyrinth | Programming | Gang Wars | The Wall]
like all things,
before you go about trying to figure out how to encrypt, you need to think about what encryption is, what it is used for, how it is used, and etc.
there are several steps to encrypting. first off, you need to do a sort of uml.
-what are the capabilities of my platform?
-how long does the encryption need to be secure?
if a specific algorithm only needs to perform for, say, a few seconds, then complexity may not be as much of an issue compared to an algorithm that needs to be secure for a decade.
-how does it need to be decrypted?
by computer, hand, mental-figuring; keys, equations, masks, etc
-how should it not be decrypted?
etc etc...
there are several steps to make an effective encryption:
-first, disassociate the infromation from its true nature - - hide it in a bitmap, for instance.
-2, alter the data frequencies - - if you are encoding a text file known by interceptors to be english, then you want to destroy the known frequencies of letters in english words...
-3, make a useful and practical encryption scheme, thats for u to research.
i dont think an expert (im not a cryptanalyst, fyi) would have a problem with ur method.
there are ways of encryption that are impossible to break.
one of the easiest ways is using much data to represent values, and also much useless data.
for instance, create a bitmap in word, draw a bunch of text of varing colors and crap on it, and then type some relevant text somewhere ... the *file* will have so much info in it, its impossible to crack for several reasons. 1) each element of data is composed of many bytes, the letter ''T'' being x pixels of y depth. 2) there are slews of random, unrelated data among relevant data. 3) you can apply encryption to the actual text prior to insertion.
these ideas can be applied to software too, i have seen programs that reorganize stuff so it cannot be decompiled easy. with files, you simply need to disassociate the data from known interfaces, like word or paint.
before you go about trying to figure out how to encrypt, you need to think about what encryption is, what it is used for, how it is used, and etc.
there are several steps to encrypting. first off, you need to do a sort of uml.
-what are the capabilities of my platform?
-how long does the encryption need to be secure?
if a specific algorithm only needs to perform for, say, a few seconds, then complexity may not be as much of an issue compared to an algorithm that needs to be secure for a decade.
-how does it need to be decrypted?
by computer, hand, mental-figuring; keys, equations, masks, etc
-how should it not be decrypted?
etc etc...
there are several steps to make an effective encryption:
-first, disassociate the infromation from its true nature - - hide it in a bitmap, for instance.
-2, alter the data frequencies - - if you are encoding a text file known by interceptors to be english, then you want to destroy the known frequencies of letters in english words...
-3, make a useful and practical encryption scheme, thats for u to research.
i dont think an expert (im not a cryptanalyst, fyi) would have a problem with ur method.
there are ways of encryption that are impossible to break.
one of the easiest ways is using much data to represent values, and also much useless data.
for instance, create a bitmap in word, draw a bunch of text of varing colors and crap on it, and then type some relevant text somewhere ... the *file* will have so much info in it, its impossible to crack for several reasons. 1) each element of data is composed of many bytes, the letter ''T'' being x pixels of y depth. 2) there are slews of random, unrelated data among relevant data. 3) you can apply encryption to the actual text prior to insertion.
these ideas can be applied to software too, i have seen programs that reorganize stuff so it cannot be decompiled easy. with files, you simply need to disassociate the data from known interfaces, like word or paint.
1) Yes, it''s pretty easy to check how strong the key is.
2) Other encryption algorithms don''t have that limitation.
3) Fine until you try to encrypt text (such as confidential documents).
4) You don''t need a second loop when you can re-use the first one. What you''re doing is (effectively) this:
for(int i = 0; i < 20; ++i) {
printf("%i ", (int)pow(2, i));
}
What I''m recommending is this:
int power_of_2 = 1;
for(int i = 0; i < 20; ++i) {
printf("%i ", power_of_2);
power_of_2 *= 2;
}
2) Other encryption algorithms don''t have that limitation.
3) Fine until you try to encrypt text (such as confidential documents).
4) You don''t need a second loop when you can re-use the first one. What you''re doing is (effectively) this:
for(int i = 0; i < 20; ++i) {
printf("%i ", (int)pow(2, i));
}
What I''m recommending is this:
int power_of_2 = 1;
for(int i = 0; i < 20; ++i) {
printf("%i ", power_of_2);
power_of_2 *= 2;
}
Author
I updated the source and exe which now produces the .enc.raw which is the full key image and .enc which is the encrypted file
There''s a new encrypted pic with a new key to demonstrate just how distorted it can get with a good key. Maybe there''s a pattern in there somewhere.
Ben
[The Rabbit Hole | The Labyrinth | Programming | Gang Wars | The Wall]
There''s a new encrypted pic with a new key to demonstrate just how distorted it can get with a good key. Maybe there''s a pattern in there somewhere.
Ben
[The Rabbit Hole | The Labyrinth | Programming | Gang Wars | The Wall]
Writing a good PRNG (pseudo random number generator) is the key problem and one of the most difficult tasks in the field of cryptography. You won''t believe the methods good cryptanalysts have to break PRNGs. Yours is, sorry to say, a very weak one. The formula is mathematically not secure in itself. If you know (in the slightest detail) the cryptanalytic methods used by professionals (eg. if you are a professional yourself), then you can specifically design a formula, that is more resistent against those attacks. Those equations typically are full of mathematically non-reversable tricks, prime numbers, permutations, hashing tables. And even complex PRNGs are broken.
Looking at a noise image doesn''t say much of the real quality of a PRNG. You have to go a lot deeper, if you want to track it''s security: probabilities for certain bitpatterns to appear, repeating patterns, constant shifts, etc. Eg. you have to analyze, if bit 3 of each byte output has a probability to be more often a 1 (instead of a 0) each fifth byte, in that case, it is a weak point. Just a single example, in reality, it''s a lot more involved. It''s real hard mathematic work, and it can take years by professionals to give the label ''secure for use'' to a new PRNG.
Have a look at http://cnscenter.future.co.kr/crypto/algorithm/block.html#analysis, you might be shocked to see *what* kind of methods cryptanalysis uses. I''d say, stay with proven technology. That''s even more important in the field of cryptography.
- AH
Looking at a noise image doesn''t say much of the real quality of a PRNG. You have to go a lot deeper, if you want to track it''s security: probabilities for certain bitpatterns to appear, repeating patterns, constant shifts, etc. Eg. you have to analyze, if bit 3 of each byte output has a probability to be more often a 1 (instead of a 0) each fifth byte, in that case, it is a weak point. Just a single example, in reality, it''s a lot more involved. It''s real hard mathematic work, and it can take years by professionals to give the label ''secure for use'' to a new PRNG.
Have a look at http://cnscenter.future.co.kr/crypto/algorithm/block.html#analysis, you might be shocked to see *what* kind of methods cryptanalysis uses. I''d say, stay with proven technology. That''s even more important in the field of cryptography.
- AH
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
