Hacks, Kludges & Other Such Tomfoolery

[JBookup]

This is why I came here. To learn these things. I now realize the password protection plan is flawed. But hope is still alive in the encrypted message aspects. I think anyways O.o

[P3nT4gR4m]

Encryption is all fine and dandy for legal/semi-legal communications. Ie. ones where the risks of the message being deciphered are negligible but I'm of the firm opinion that if you really want your shit not to get read, you're much better hiding the message. Stick some morse code in the alpha channel of a .png image or shift some bits in an audio track then use the original audio track as the key. While the spooks are busy looking for encrypted messages, we're posting our plans for world domination via funny cat gifs on facebook 

[Pæs]

It could be numbers, symbols, or letters that need to be skipped. This is for encrypting passwords and what not to make it impossible for them to decrypt. Now if me and someone were exchanging encrypted messages. Obviously that other person would have the key and would be able to figure out what doesn't belong. Also these are not programs, I know nothing of those sort of things, though very soon will be trying for I have an ingenious idea. But for the time being these are written out on paper and calculated in my head.

So the key explains which numbers and letters need to be skipped? Rather than being more like a password to unlock the string, as a 'key' often is in cryptography, this is more of a series of instructions? Or would the other person decrypt the string, even with the random noise added, then remove the random symbols simply by taking out the stuff that doesn't make sense?

When you say "impossible to decrypt" do you mean "impossible to decrypt without the key" or is this a one way function from which the original text cannot be retrieved?

[Pæs]

Though it would be still set in stone, but with multiple letters having the same encrypted counterpart.

Whaaaa?

Is there a method by which the decrypter knows which of the many encrypted counterparts you are using?

[JBookup]

Impossible to decrypt without the key/legend. With the legend the person decrpyting would know which letters, numbers, and symbols didn't belong. The method used for creating my legend is impossible to reverse engineer. Without the introduction of random numbers, letters, or symbols a brute force attack could easily break through. But with the introduction of numbers, letters, or symbols at random intervals I think a brute force attack would be ineffective.

As to the question about the multiple letters with the same encrypted counterpart, I didn't really think that through... I guess at the moment they would have to do a lot of guess and check work to decrypt it even with the legend.

[Pæs]

So the random chaff you've thrown in doesn't have legitimate uses in the legend? If ^ is a random symbol, it never corresponds to a letter?

[LMNO]

Paes, remember that this was originally meant for a password, not a message.

In which case, it's irrelevant if a hacker can guess the original password, they just need to find out the sequence of characters.

[Pæs]

Paes, remember that this was originally meant for a password, not a message.

In which case, it's irrelevant if a hacker can guess the original password, they just need to find out the sequence of characters.

If they're brute forcing it by trying every possible character, but if you could reverse engineer any of the rules you could make minor modifications to existing dictionary attacks to speed up the process.

It seems to me, JBookup, like you may be underestimating how quickly a computer can try all permutations of the string which keep the order intact and systematically remove groups of characters, then see if any words fit into the pattern presented.

Do you know if, while attempting to decipher this, the answer will be obvious?

[Pæs]

Is it going to say "this is the plaintext" or similar? Because I can make assumptions about which characters are chaff and make it say "to be carried" or "you will not" or similar.

[Pæs]

Here's some stuff on what I was saying earlier, about security by obscurity and secret encryption processes not being reliable or desirable.

http://www.networkcomputing.com/data-protection/just-say-no-to-proprietary-cryptographic/229502394
https://www.schneier.com/essay-028.html
https://www.owasp.org/index.php/Guide_to_Cryptography#How_to_determine_if_you_are_vulnerable

Mathematically sound cryptography remains secure even if the process is known, so long as the key is not.

[JBookup]

Really I was just trying to make a way to encrypt the alphabet through the use of math. As to what the encryption is intended for I have no idea. At the moment I am bouncing around in which ever direction holds the most promise for what I've already made, though I have what I think are better processes for creating a larger scale more complex legend. Though I am waiting for the results of this first test. The first string I posted does not include random letters, numbers, or symbols. And is fairly obvious. The second string that has Example: preceding it does include random numbers, letters, and symbols.

[Pæs]

But I remain confident that on a 256 key scale the brute force method would be ineffective.

What does this mean to you and how does it apply to what you've made here?

It sounds as though you've got a substitution cipher and I can't tell where the complex math comes in. Did you use a complex process to decide which letter turned into which symbol, because that complexity isn't going to translate forward into the complexity of cracking, it's still a matter of rotating the meaning of each character until readable text is produced.

Are you willing to discuss the process of encipherment so it can be examined in more depth? If that explanation breaks the encryption, I'm afraid you'll have trouble profiting from the scheme.

[Pæs]

Most importantly. How many words are in this string? More than one? How are spaces handled?

[Mesozoic Mister Nigel]

I use the correct horse battery staple method most of the time. It absolutely drives me bugshit when some sites require me to use a combination of capitals, lower case, symbols and numbers, because it's not creating a more secure password, it's just increasing the likelihood that I'll forget it.

[Pæs]

It's not for everyone, but I use hashapass.com which will take a word like "facebook" and master password I use everywhere like "horsebatterystaple" and give me a password with a combination of numbers, symbols and different cases. If I forget that password, I go to hashapass and enter "facebook", "horsebatterystaple" and it uses the same math to crunch those together and give me "dL;t8sDG" again.

If the service I'm using sucks at security, and HAXORS get my password, it only works for facebook and there is no way for them to turn it back into "horsebatterystaple" and figure out my password anywhere else.