73 posts
Location
Hoquiam Wa
Posted 19 April 2017 - 10:25 PM
BrineCrypt will encrypt your files with a password that you input at encryption, when decrypting if you put in the wrong password it gives you something completely different from the original.
run BrineCrypt <filename> enc to encrypt a file
run BrineCrypt <filename> dec to decrypt a file
pastebin link:
https://pastebin.com/qLdJcSn1
Edited on 19 April 2017 - 11:59 PM
756 posts
Posted 19 April 2017 - 11:07 PM
Yet another math.randomseed / math.random encryption algorithm.
Line 16 and 17 is effectively equivalent to Char = (Char+N)%256.
Which is to say that your algorithm is virtually the same as a caesar cipher with a mere 8 bits of security, a maximum of 256 operations to crack a file.
Edited on 20 April 2017 - 03:26 AM
73 posts
Location
Hoquiam Wa
Posted 20 April 2017 - 01:52 AM
Yet another math.randomseed / math.random encryption algorithm.
Line 16 and 17 is effectively equivalent to Char = (Char+N)%256.
Which is to say that your algorithm is virtually the same as a caesar cipher with a mere 8 bits of security, a maximum of 256 operations to crack a file.
I would like to see you crack a file…
756 posts
Posted 20 April 2017 - 04:55 AM
Your wish is my command
Sample text:
https://pastebin.com/p1fS4gBhCracker:
https://pastebin.com/3581pgRhSpoiler
If you get garbled text in automatic mode, that's mainly due to your code on line 17, Char-255 should've been -256, doing -255 prevent a byte from ever being 00, that screws up my thing on rare occasions.
73 posts
Location
Hoquiam Wa
Posted 20 April 2017 - 11:36 PM
Your wish is my command
Sample text:
https://pastebin.com/p1fS4gBhCracker:
https://pastebin.com/3581pgRhSpoiler
If you get garbled text in automatic mode, that's mainly due to your code on line 17, Char-255 should've been -256, doing -255 prevent a byte from ever being 00, that screws up my thing on rare occasions.
Working on security updates now…
BTW with your code the file has to be at least 100 bytes.
Edit: Updated
Edited on 20 April 2017 - 11:04 PM
756 posts
Posted 20 April 2017 - 11:39 PM
Working on security updates now…
Honestly, if you don't know what you're doing, you'll end up patching something that's inherently broken, maybe cryptography is not your cup of tea.
73 posts
Location
Hoquiam Wa
Posted 21 April 2017 - 01:08 AM
Working on security updates now…
Honestly, if you don't know what you're doing, you'll end up patching something that's inherently broken, maybe cryptography is not your cup of tea.
Check it out now.
756 posts
Posted 21 April 2017 - 01:57 AM
BTW with your code the file has to be at least 100 bytes.
Completely unrelated to the cracking, the 100 number is how many characters I show when displaying the decoded text on screen, unrelated to how big your file is.
From glancing at your new code, nothing seems to be fixed, you added some weird way to swap the bytes which doesn't really fix the real problem.
I hate repeating myself, but I'm gonna do it…
maybe cryptography is not your cup of tea.
Edited on 20 April 2017 - 11:58 PM
73 posts
Location
Hoquiam Wa
Posted 21 April 2017 - 02:18 AM
BTW with your code the file has to be at least 100 bytes.
Completely unrelated to the cracking, the 100 number is how many characters I show when displaying the decoded text on screen, unrelated to how big your file is.
From glancing at your new code, nothing seems to be fixed, you added some weird way to swap the bytes which doesn't really fix the real problem.
I hate repeating myself, but I'm gonna do it…
maybe cryptography is not your cup of tea.
Hold up I need to update something…
756 posts
Posted 21 April 2017 - 02:28 AM
Lookup "cryptanalysis of the caesar cipher" on Google or Youtube before updating further.
Edited on 21 April 2017 - 12:36 AM
22 posts
Location
Secret meeting of the South African Internet Users club
Posted 21 April 2017 - 01:37 PM
To make this secure you really need to implement a new cipher. Try to implement the Vigenere cipher. It has been broken, but is a secure cipher as old ciphers with simply understood mathematics go. IIRC the one-time-pad cipher, the most secure cipher (if used
properly) is a based on the Vigenere cipher, exculding
quantum cryptography, which is theorised to be unbreakable.
756 posts
Posted 21 April 2017 - 06:13 PM
To make this secure you really need to implement a new cipher. Try to implement the Vigenere cipher. It has been broken, but is a secure cipher as old ciphers with simply understood mathematics go. IIRC the one-time-pad cipher, the most secure cipher (if used
properly) is a based on the Vigenere cipher, exculding
quantum cryptography, which is theorised to be unbreakable.
To be honest, I would rather recommend that people interested in this kind of stuff learn about how to use the already secure algorithms correctly, instead of re-inventing the wheel…
This field is pretty complicated to understand, the guy clearly stepped into this without any knowledge of it and it failed completely. ¯\_(ツ)_/¯
Edited on 21 April 2017 - 04:28 PM
73 posts
Location
Hoquiam Wa
Posted 21 April 2017 - 11:06 PM
To make this secure you really need to implement a new cipher. Try to implement the Vigenere cipher. It has been broken, but is a secure cipher as old ciphers with simply understood mathematics go. IIRC the one-time-pad cipher, the most secure cipher (if used
properly) is a based on the Vigenere cipher, exculding
quantum cryptography, which is theorised to be unbreakable.
To be honest, I would rather recommend that people interested in this kind of stuff learn about how to use the already secure algorithms correctly, instead of re-inventing the wheel…
This field is pretty complicated to understand, the guy clearly stepped into this without any knowledge of it and it failed completely. ¯\_(ツ)_/¯
You're right this is the first time i've tried something like this and i failed…
73 posts
Location
Hoquiam Wa
Posted 23 April 2017 - 04:01 AM
To make this secure you really need to implement a new cipher. Try to implement the Vigenere cipher. It has been broken, but is a secure cipher as old ciphers with simply understood mathematics go. IIRC the one-time-pad cipher, the most secure cipher (if used
properly) is a based on the Vigenere cipher, exculding
quantum cryptography, which is theorised to be unbreakable.
To be honest, I would rather recommend that people interested in this kind of stuff learn about how to use the already secure algorithms correctly, instead of re-inventing the wheel…
This field is pretty complicated to understand, the guy clearly stepped into this without any knowledge of it and it failed completely. ¯\_(ツ)_/¯
You're right this is the first time i've tried something like this and i failed…
New code is on it's way (this will be a complete remake)
73 posts
Location
Hoquiam Wa
Posted 23 April 2017 - 05:06 AM
This is the stronger version of BrineCrypt that is harder to break
Things to know
- If your password is 1 character long Ex:"h" then it will be easy to crack.
- if your password is over one character long but the characters are all the same Ex:"hhhhh" then it is the same as having on character long passwords "hhhhh" is the same as "h"
I have reasons for the following
- if you put in a password like "kdtcndtsnvydvdjr" and lose your file I AM NOT responsible.
Link to the new program:
https://pastebin.com/zjtqYHKRto install run:
pastebin get zjtqYHKR BrineCrypt
686 posts
Posted 23 April 2017 - 06:23 AM
You're still just trying to make your own encryption algorithm without any knowledge of cryptography and it's not going to work. Focus on using one of the existing, tried and proven algorithms for this.
73 posts
Location
Hoquiam Wa
Posted 23 April 2017 - 07:08 AM
You're still just trying to make your own encryption algorithm without any knowledge of cryptography and it's not going to work. Focus on using one of the existing, tried and proven algorithms for this.
Try breaking it if you know so much about cryptography.
Also I like to make my own programs and the reason it's in 2.0B is because it is not confirmed to be secure so i'm seeing if anyone on the forums finds a bug.
Edited on 23 April 2017 - 05:22 AM
756 posts
Posted 23 April 2017 - 07:50 AM
It's a vigenere cipher, very similar way to break as caesar cipher, not going to make a demo for it, I think I've proven my point enough.
353 posts
Location
Orewa, New Zealand
Posted 23 April 2017 - 08:19 AM
Try breaking it if you know so much about cryptography.
You do realize that the members of the forum are here to help you – they
do know more about cryptography than you do, and they would be more than happy to share their wisdom. You don't have to be so hostile towards them when all they want to do is better your understanding.
73 posts
Location
Hoquiam Wa
Posted 23 April 2017 - 04:48 PM
Try breaking it if you know so much about cryptography.
You do realize that the members of the forum are here to help you – they
do know more about cryptography than you do, and they would be more than happy to share their wisdom. You don't have to be so hostile towards them when all they want to do is better your understanding.
It's a vigenere cipher, very similar way to break as caesar cipher, not going to make a demo for it, I think I've proven my point enough.
from my understanding Anvarins is saying it's easy but time consuming.
D3matt & Restioson are saying not to make it yourself.
and you're saying it's guaranteed that every one on this website knows more than me.
194 posts
Posted 23 April 2017 - 06:00 PM
Okay, I'm going to try my best to put both sides of this argument to bed:
He's allowed to make this, don't tell him otherwise. Yes, it probably isn't very good, therefor what point does it have? It really doesn't, but to be fair, security in CC is pointless. if you're really trying to conceal something, why computercraft? Why not go out of game with it?
You should probably put a disclaimer saying that it isn't a proper algorithm and should be used with caution, as it may be easy to crack if someone knows what it is.
Stop telling people what they can/can't do, and just provide constructive criticism.
Anavrins is right, you shouldn't really be advertising this as secure, but go ahead and do as you like.
276 posts
Location
Fairbanks, Alaska
Posted 23 April 2017 - 07:41 PM
Why would you make the password have a limit of 4 characters?
Line 8.
Edited on 23 April 2017 - 05:41 PM
353 posts
Location
Orewa, New Zealand
Posted 23 April 2017 - 10:20 PM
Why would you make the password have a limit of 4 characters?
Line 8.
That just means it masks the input from the user with the character '4'.
from my understanding Anvarins is saying it's easy but time consuming.
It is easy, and quick to break your current algorithm – much like the Caesar cipher you were using earlier.
D3matt & Restioson are saying not to make it yourself.
Only because cryptography isn't easy. If you want to make a file encryption software, it should be secure by using an encryption algorithm already available on the forum, it isn't a bad thing to use someone else's library.
and you're saying it's guaranteed that every one on this website knows more than me.
Not guaranteed, but Anavrins
does know more than you (and me, and a lot of the users on the forum) about cryptography. He is trying to help you, perhaps you should take his advice?
You aren't being attacked, this is constructive criticism, and an opportunity to learn more about cryptography. Up to you.
Edited on 23 April 2017 - 08:22 PM
73 posts
Location
Hoquiam Wa
Posted 24 April 2017 - 12:16 AM
Okay, I'm going to try my best to put both sides of this argument to bed:
He's allowed to make this, don't tell him otherwise. Yes, it probably isn't very good, therefor what point does it have? It really doesn't, but to be fair, security in CC is pointless. if you're really trying to conceal something, why computercraft? Why not go out of game with it?
You should probably put a disclaimer saying that it isn't a proper algorithm and should be used with caution, as it may be easy to crack if someone knows what it is.
Stop telling people what they can/can't do, and just provide constructive criticism.
Anavrins is right, you shouldn't really be advertising this as secure, but go ahead and do as you like.
I never said it was secure, and it is a beta so should you expect it to be secure?
-snip-
my thing with this is that if we all use the same programs then there will be nothing new.
353 posts
Location
Orewa, New Zealand
Posted 24 April 2017 - 01:02 AM
my thing with this is that if we all use the same programs then there will be nothing new.
Not true; you are making something, and you still would be even when using another, more secure algorithm. Many programs can be used to better your own (program integration, frameworks, APIs, etc…)
686 posts
Posted 24 April 2017 - 03:24 AM
You're still just trying to make your own encryption algorithm without any knowledge of cryptography and it's not going to work. Focus on using one of the existing, tried and proven algorithms for this.
Try breaking it if you know so much about cryptography.
Also I like to make my own programs and the reason it's in 2.0B is because it is not confirmed to be secure so i'm seeing if anyone on the forums finds a bug.
I'm not a cryptographer. I'm a sysadmin an amateur programmer. That's why I don't write algorithms, because I
know they're going to end up vulnerable. Instead I take feedback from people who
do know cryptography and do what they say is best.
Being in beta is irrelevant. This is not a bug, this is a
fatal and fundamental flaw. Cryptography is hard. That's OK. That's why we use only a few proven algorithms written by some incredibly smart people, instead of writing our own. There are plenty of ways to create something new while still using an algorithm that's already been written. Even single program I use at work all use the same encryption algorithms but they're all vastly different. You don't need to write your own algorithm to write a file encryption program. I'm writing a login server, which uses several other people's APIs. I'm still creating my own entirely new program that's undoubtedly my own creation.
Edited on 24 April 2017 - 01:25 AM