News:

PD.com: children are filled with joy, adults are filled with dread and local government is filled with stupid

Main Menu

Hacks, Kludges & Other Such Tomfoolery

Started by Shibboleet The Annihilator, April 26, 2010, 02:12:45 PM

Previous topic - Next topic

JBookup

This is why I came here. To learn these things. I now realize the password protection plan is flawed. But hope is still alive in the encrypted message aspects. I think anyways O.o

P3nT4gR4m

Encryption is all fine and dandy for legal/semi-legal communications. Ie. ones where the risks of the message being deciphered are negligible but I'm of the firm opinion that if you really want your shit not to get read, you're much better hiding the message. Stick some morse code in the alpha channel of a .png image or shift some bits in an audio track then use the original audio track as the key. While the spooks are busy looking for encrypted messages, we're posting our plans for world domination via funny cat gifs on facebook  8)

I'm up to my arse in Brexit Numpties, but I want more.  Target-rich environments are the new sexy.
Not actually a meat product.
Ass-Kicking & Foot-Stomping Ancient Master of SHIT FUCK FUCK FUCK
Awful and Bent Behemothic Results of Last Night's Painful Squat.
High Altitude Haggis-Filled Sex Bucket From Beyond Time and Space.
Internet Monkey Person of Filthy and Immoral Pygmy-Porn Wart Contagion
Octomom Auxillary Heat Exchanger Repairman
walking the fine line line between genius and batshit fucking crazy

"computation is a pattern in the spacetime arrangement of particles, and it's not the particles but the pattern that really matters! Matter doesn't matter." -- Max Tegmark

Pæs

Quote from: JBookup on February 12, 2014, 02:48:10 PM
It could be numbers, symbols, or letters that need to be skipped. This is for encrypting passwords and what not to make it impossible for them to decrypt. Now if me and someone were exchanging encrypted messages. Obviously that other person would have the key and would be able to figure out what doesn't belong. Also these are not programs, I know nothing of those sort of things, though very soon will be trying for I have an ingenious idea. But for the time being these are written out on paper and calculated in my head.

So the key explains which numbers and letters need to be skipped? Rather than being more like a password to unlock the string, as a 'key' often is in cryptography, this is more of a series of instructions? Or would the other person decrypt the string, even with the random noise added, then remove the random symbols simply by taking out the stuff that doesn't make sense?

When you say "impossible to decrypt" do you mean "impossible to decrypt without the key" or is this a one way function from which the original text cannot be retrieved?

Pæs

Quote from: JBookup on February 12, 2014, 01:54:06 PM
Though it would be still set in stone, but with multiple letters having the same encrypted counterpart.

Whaaaa?

Is there a method by which the decrypter knows which of the many encrypted counterparts you are using?

JBookup

Impossible to decrypt without the key/legend. With the legend the person decrpyting would know which letters, numbers, and symbols didn't belong. The method used for creating my legend is impossible to reverse engineer. Without the introduction of random numbers, letters, or symbols a brute force attack could easily break through. But with the introduction of numbers, letters, or symbols at random intervals I think a brute force attack would be ineffective.

As to the question about the multiple letters with the same encrypted counterpart, I didn't really think that through... I guess at the moment they would have to do a lot of guess and check work to decrypt it even with the legend.

Pæs

So the random chaff you've thrown in doesn't have legitimate uses in the legend? If ^ is a random symbol, it never corresponds to a letter?

LMNO

Paes, remember that this was originally meant for a password, not a message.

In which case, it's irrelevant if a hacker can guess the original password, they just need to find out the sequence of characters.

Pæs

Quote from: LMNO, PhD (life continues) on February 12, 2014, 09:09:37 PM
Paes, remember that this was originally meant for a password, not a message.

In which case, it's irrelevant if a hacker can guess the original password, they just need to find out the sequence of characters.

If they're brute forcing it by trying every possible character, but if you could reverse engineer any of the rules you could make minor modifications to existing dictionary attacks to speed up the process.

It seems to me, JBookup, like you may be underestimating how quickly a computer can try all permutations of the string which keep the order intact and systematically remove groups of characters, then see if any words fit into the pattern presented.

Do you know if, while attempting to decipher this, the answer will be obvious?

Pæs

Is it going to say "this is the plaintext" or similar? Because I can make assumptions about which characters are chaff and make it say "to be carried" or "you will not" or similar.

Pæs

Here's some stuff on what I was saying earlier, about security by obscurity and secret encryption processes not being reliable or desirable.

http://www.networkcomputing.com/data-protection/just-say-no-to-proprietary-cryptographic/229502394
https://www.schneier.com/essay-028.html
https://www.owasp.org/index.php/Guide_to_Cryptography#How_to_determine_if_you_are_vulnerable

Mathematically sound cryptography remains secure even if the process is known, so long as the key is not.

JBookup

Really I was just trying to make a way to encrypt the alphabet through the use of math. As to what the encryption is intended for I have no idea. At the moment I am bouncing around in which ever direction holds the most promise for what I've already made, though I have what I think are better processes for creating a larger scale more complex legend. Though I am waiting for the results of this first test. The first string I posted does not include random letters, numbers, or symbols. And is fairly obvious. The second string that has Example: preceding it does include random numbers, letters, and symbols.


Pæs

Quote from: JBookup on February 11, 2014, 07:13:12 PM
But I remain confident that on a 256 key scale the brute force method would be ineffective.
What does this mean to you and how does it apply to what you've made here?

It sounds as though you've got a substitution cipher and I can't tell where the complex math comes in. Did you use a complex process to decide which letter turned into which symbol, because that complexity isn't going to translate forward into the complexity of cracking, it's still a matter of rotating the meaning of each character until readable text is produced.

Are you willing to discuss the process of encipherment so it can be examined in more depth? If that explanation breaks the encryption, I'm afraid you'll have trouble profiting from the scheme.

Pæs

Most importantly. How many words are in this string? More than one? How are spaces handled?

Mesozoic Mister Nigel

I use the correct horse battery staple method most of the time. It absolutely drives me bugshit when some sites require me to use a combination of capitals, lower case, symbols and numbers, because it's not creating a more secure password, it's just increasing the likelihood that I'll forget it.
"I'm guessing it was January 2007, a meeting in Bethesda, we got a bag of bees and just started smashing them on the desk," Charles Wick said. "It was very complicated."


Pæs

It's not for everyone, but I use hashapass.com which will take a word like "facebook" and master password I use everywhere like "horsebatterystaple" and give me a password with a combination of numbers, symbols and different cases. If I forget that password, I go to hashapass and enter "facebook", "horsebatterystaple" and it uses the same math to crunch those together and give me "dL;t8sDG" again.

If the service I'm using sucks at security, and HAXORS get my password, it only works for facebook and there is no way for them to turn it back into "horsebatterystaple" and figure out my password anywhere else.