Obfuscation, Encryption API Module! (Beta) - ComputerCraft Forums (archive)

LNETeam #1

103 posts

Location Eclipse

Posted 23 May 2014 - 12:22 AM

HELLO Computer Craft Forums! (New Update!)

I have a cool and really useful API that I am working on that will allow for a safer and more secure data storage, wireless communication, and encryption methods that I'd like to share!

This idea was born from the thinking that, "Is there really a secure storage encryption option for me to use in a secure operating system or communication network?" I really didn't know any, so I took an initiative. Introducing, CSafe Encryption Suite.

WHAT IS IT?

[indent=1]CSafe is a encryption suite that utilizes a very old, yet effective method for storing and securing your information. In short it works by creating a long private key that YOU store in the good old cranium for use at the right time.[/indent]

HOW DOES IT WORK?

[indent=1]Excellent question! The encryption side simply takes the key (token) that you create to encrypt files (or directories) that you supply and it will replace corresponding characters to that of your valid key token you created earlier. Completely secure as there is no physical key stored and only you know the key. All of the code formatting remains persistent and will cleanly be converted back via the decryption methods that take the key you supplied and convert it back to it's good 'ol executable state.[/indent]

WHAT ARE SOME USES?

Wireless Secure Transmissions

As an idea, if you were planning on emailing some super secret nuclear launch codes (ICBM mod by Calclavia p.s. Really cool attach a computer as a peripheral and control that way) but you didn't want Swiper to swipe your stuff. Well you can use this program to create a P2P encryption protocol. Decide on a premeditated key and them safely encrypt it in CSafe and email it to your buddy. Then all he has to do is pop in that code and read your codes for world domination.

Isolated User Account Control

Ever hate those pesky floppy disk with a startup program on them? I sure do because then they can easily go into my otherwise "protected" files usually mediated by the host OS, whom is now not in control. But what is that crook ran into some gobbly goo and can't even use your precious files? That's the idea. If I were hosting an education server and wanted five people to share one computer, some immediate problems arise, what is they hack into another persons' account and steal the code for a test? No way to prevent that (unless you store them on a server), but if each account had a unique token that only that student knows, then their code remains secret and accessible only by that particular student.

Password Storage

Pretty simple here, we all usually store our usernames and passwords in a plain text file some 2 or 3 sub-directories down, right? That means they aren't impermeable to crooks. If you created however an instance wide access to those credentials, then that could solve a lot of problems.

WHAT DOES THIS DO FOR ME?

[indent=1]If you are interested, I am working on an entire user module that you can put into an OS that you are working on and have the API maintain user accounts, personal directories, and user states. It will feature tons of customization and will protect the information of your user to the highest extent that it can.[/indent]

DEMO:

[media]https://www.youtube.com/watch?v=cH6yEdPO2U4&feature=youtu.be[/media]

WHERE DO I GET IT?

[indent=1]~~You can currently download the ENCRYPTION portion, this is only one-way currently as I am still working on the decryption half~~. Encryption and decryption methods now complete! There are two small bugs to be aware of though. 1) As of now, the encryption process destroys all uppercase words (in the process of thinking up an idea), 2) I am working on some fine tuning to the loop protocols as it tends to error for not yielding (any sleep time drastically increases completion time), so be aware of large files. All updates will be pushed to this location as well:[/indent]

Source: https://github.com/LNETeam/CSafe

[indent=1]You can enable auto-update by setting "pullUpdates" to true in the source. This requires HTTP API to be enabled.[/indent]

Edited on 23 May 2014 - 09:19 PM

Lyqyd #2

Lyqyd's profile picture

8543 posts

Posted 23 May 2014 - 02:13 AM

Locked. Please report your topic when you have code to show so it can be unlocked for you.

Unlocked so code may be posted.

sci4me #3

sci4me's profile picture

226 posts

Location Earth

Posted 27 May 2014 - 10:43 PM

Constructive criticism: NEVER write your own encryption algorithm and call it secure… I am willing to bet that there is a security flaw in the algorithm. Reason: (afaik) you aren't a cryptographer and haven't put this thing through the proper security tests… no offense, i've written my own too… its just that if you want TRUE security you should use a standard that has gone through the proper professional testing.. like AES.

theoriginalbit #4

7508 posts

Location Australia

Posted 28 May 2014 - 02:08 AM

sci4me, on 27 May 2014 - 10:43 PM said:
-snip-

the best part is they've not used any local variables, meaning there's a bunch of data in the global environment after running this, including the entire contents of the encoded file, unencoded. also seems that they log the entire contents of the file out to a log file. lol.

@OP why call it encryption, its clearly an encoding, you've even called it encode in your code, there's a big difference between encode and encrypt! You should also at least run/test your code, just by looking at it I noticed a missing end.

SquidDev #5

SquidDev's profile picture

1426 posts

Location Does anyone put something serious here?

Posted 29 May 2014 - 02:08 PM

I'm still slightly confused with this:

LNETeam, on 23 May 2014 - 12:22 AM said:
CSafe is a encryption suite that utilizes a very old, yet effective method for storing and securing your information. In short it works by creating a long private key that YOU store in the good old cranium for use at the right time.

Is this just a marginally more secure version of the substitution cipher? It doesn't seem like the token would be that long, and so you could always brute force it. As sci4me says, you need a very secure cipher like AES or RSA (the latter would be overkill).

I cracked this cipher in about 3 minutes. I used this for the basic substitution cracking (I converted each character into a letter of the alphabet so it would actually work). Ok, you could also crack it with Frequency Analysis but it isn't as fun.

I don't like to sound harsh but Do not write your own encryption method.

Edited on 29 May 2014 - 12:23 PM

Wojbie #6

724 posts

Location Kinda lost

Posted 29 May 2014 - 07:23 PM

SquidDev, on 29 May 2014 - 02:08 PM said:
I don't like to sound harsh but Do not write your own encryption method.

Or if you don't feel like implementing secure cipher just find some method from history and make it work for fun :D/> Enigma is a fun encryption method if you get into it. Totally broken by now but would still keep 75% people out.

Sorry for shameless self promotion. If you want to see enigma in lua you can look for mine program.

Edited on 29 May 2014 - 05:24 PM

PixelToast #7

2217 posts

Location 3232235883

Posted 01 June 2014 - 05:51 PM

SquidDev, on 29 May 2014 - 02:08 PM said:
As sci4me says, you need a very secure cipher like AES or RSA (the latter would be overkill).

RSA isnt overkill if you do it efficiently

and i think the best solutions isnt to encrypt, but to send over http
that way the server can control what gets the information

DiamondTNT #8

DiamondTNT's profile picture

8 posts

Location Gallifrey

Posted 06 June 2014 - 09:45 PM

What's the function to call the "encryption"(video has low resolution)? Also, RSA seems to be an issue with ComputerCraft due to the integer limit of 2^32-1. Can anyone point me in a direction to implement this with BigInt?