This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.
ComputerCraftPrograms
Rectar2's profile picture

ccCrypt - Password-based encryption

Started by Rectar2, 30 September 2014 - 02:21 AM
Rectar2 #1

Rectar2's profile picture

99 posts

Location The Universe

Posted 30 September 2014 - 04:21 AM
ccCrypt

The program that wants to be CRYPTUM (Seriously, use Cryptum instead)

ccCrypt is a password-based file encryption program. This can be useful if you're on a server and you for some reason want to have a private diary on a Minecraft server where an administrator can easily permanently remove all data relating to said diary.

Usage
SpoilerEncryption

ccCrypt encrypt <in> <out> <key>
in - The file to encrypt
out - Where to save the encrypted file
key - The password to encrypt the file with

Decryption

ccCrypt decrypt <in> <out> <key>
in - The file to decrypt
out - Where to save the decrypted file
key - The key the file was encrypted with

Pastebin:

pastebin get 8aF5gH9b ccCrypt
Edited on 01 October 2014 - 08:43 PM
tenshae #2

tenshae's profile picture

69 posts

Posted 30 September 2014 - 04:51 AM
This looks really cool.
Anavrins #3

Anavrins's profile picture

756 posts

Posted 30 September 2014 - 05:50 AM
Line 16: local key = tonumber(table.concat({string.byte(args[4])}))
string.byte only returns the first character's byte, something like "P@55W0RD" will be considered as "P".

So your key-space only contains 256 keys, very easy to bruteforce.
Edit: A little too easy, YYGj439R
Edited on 30 September 2014 - 10:53 AM
Rectar2 #4

Rectar2's profile picture

99 posts

Location The Universe

Posted 30 September 2014 - 09:27 PM
Anavrins, on 30 September 2014 - 05:50 AM said:
Line 16: local key = tonumber(table.concat({string.byte(args[4])}))
string.byte only returns the first character's byte, something like "P@55W0RD" will be considered as "P".

So your key-space only contains 256 keys, very easy to bruteforce.
Edit: A little too easy, YYGj439R
Shows how hastily I was writing this, I forgot to make it read the entire string…
*facepalm*

Fixed and updated.
Edited on 30 September 2014 - 07:30 PM
Anavrins #5

Anavrins's profile picture

756 posts

Posted 01 October 2014 - 02:03 AM
And now decryption is broken :)/>
Long password will create very large keys and tonumber() will converts them into something like "1.2106920108431e+026"
Emma #6

Emma's profile picture

218 posts

Location tmpim

Posted 01 October 2014 - 03:14 AM
Anavrins, on 01 October 2014 - 02:03 AM said:
And now decryption is broken :)/>
Long password will create very large keys and tonumber() will converts them into something like "1.2106920108431e+026"

Why would that break the decryption?
EDIT: I tried it, and see why. This is because tonumber("1.210blahblahblahe+20") or whatever isn't recognized as a number, the problem is, this can't be overcome by a simple nil check, because 1.210blahblahblahe+20 isn't necessarily the whole of the number, otherwise using such notation would be redundant. So I propose something like this for the encryption:
EDIT 2: Apparently this doesn't work, I will do more research

-- snip --
local c = i:sub(c,c)
c = c:byte()*key
o = o..string.format("%18.0f",c)..","

EDIT 3: Ok, so I found a solution, however, it requires the bigNum api, which you probably won't be using. So, sorry!
Edited on 01 October 2014 - 01:36 AM
Anavrins #7

Anavrins's profile picture

756 posts

Posted 01 October 2014 - 05:28 AM
incinirate, on 01 October 2014 - 03:14 AM said:
– Snip
Either way, the method used here is flawed.
Whatever the key is, each character in the plaintext is going to be equally shifted.
This mean the letter frequency stays intact and you can look for patterns in the ciphertext.
Luckily, Lua is full of predictable patterns, (if, then, else, elseif, for, while, repeat, end, local, function, term, etc…)

To prevent patterns like that, you need to shift each characters randomly.
You can use the key to feed math.randomseed with a unique seed, and shift each characters with math.random
Emma #8

Emma's profile picture

218 posts

Location tmpim

Posted 01 October 2014 - 06:25 AM
Anavrins, on 01 October 2014 - 05:28 AM said:
incinirate, on 01 October 2014 - 03:14 AM said:
– Snip
Either way, the method used here is flawed.
Whatever the key is, each character in the plaintext is going to be equally shifted.
This mean the letter frequency stays intact and you can look for patterns in the ciphertext.
Luckily, Lua is full of predictable patterns, (if, then, else, elseif, for, while, repeat, end, local, function, term, etc…)

To prevent patterns like that, you need to shift each characters randomly.
You can use the key to feed math.randomseed with a unique seed, and shift each characters with math.random

Exactly what I was thinking, and that's how I implemented it in my Cryptum program. #ShamelessSelfPromotion
Rectar2 #9

Rectar2's profile picture

99 posts

Location The Universe

Posted 01 October 2014 - 10:45 PM
I suppose I didn't think about all the security flaws, but then again, I did write this in the back of a car during a road trip… I have an idea! I'll just take Cryptum's source code, rewrite it using the same exact algorithms but in different dialects, and release that as my own code!
#ShamelessPlagarism
LDDestroier #10

LDDestroier's profile picture

1715 posts

Location ACDC Town

Posted 03 November 2014 - 05:30 PM
Looks cool. You should do a rednet chat program with this, or a rednet file transfer. Release this as an api so people can utilize this.