BrineCrypt (File encryption software)

BrineCrypt will encrypt your files with a password that you input at encryption, when decrypting if you put in the wrong password it gives you something completely different from the original.

run BrineCrypt <filename> enc to encrypt a file
run BrineCrypt <filename> dec to decrypt a file

pastebin link: https://pastebin.com/qLdJcSn1

Yet another math.randomseed / math.random encryption algorithm.
Line 16 and 17 is effectively equivalent to Char = (Char+N)%256.
Which is to say that your algorithm is virtually the same as a caesar cipher with a mere 8 bits of security, a maximum of 256 operations to crack a file.

Anavrins, on 19 April 2017 - 11:07 PM said:

Yet another math.randomseed / math.random encryption algorithm.
Line 16 and 17 is effectively equivalent to Char = (Char+N)%256.
Which is to say that your algorithm is virtually the same as a caesar cipher with a mere 8 bits of security, a maximum of 256 operations to crack a file.

I would like to see you crack a file…

Your wish is my command



Sample text: https://pastebin.com/p1fS4gBh
Cracker: https://pastebin.com/3581pgRh

Spoiler

If you get garbled text in automatic mode, that's mainly due to your code on line 17, Char-255 should've been -256, doing -255 prevent a byte from ever being 00, that screws up my thing on rare occasions.

Anavrins, on 20 April 2017 - 04:55 AM said:

Your wish is my command

Sample text: https://pastebin.com/p1fS4gBh
Cracker: https://pastebin.com/3581pgRh

Spoiler

If you get garbled text in automatic mode, that's mainly due to your code on line 17, Char-255 should've been -256, doing -255 prevent a byte from ever being 00, that screws up my thing on rare occasions.

Working on security updates now…
BTW with your code the file has to be at least 100 bytes.

Edit: Updated

KidBrine, on 20 April 2017 - 11:36 PM said:

Working on security updates now…

Honestly, if you don't know what you're doing, you'll end up patching something that's inherently broken, maybe cryptography is not your cup of tea.

Anavrins, on 20 April 2017 - 11:39 PM said:

KidBrine, on 20 April 2017 - 11:36 PM said:

Working on security updates now…

Honestly, if you don't know what you're doing, you'll end up patching something that's inherently broken, maybe cryptography is not your cup of tea.

Check it out now.

KidBrine, on 20 April 2017 - 11:36 PM said:

BTW with your code the file has to be at least 100 bytes.

Completely unrelated to the cracking, the 100 number is how many characters I show when displaying the decoded text on screen, unrelated to how big your file is.
From glancing at your new code, nothing seems to be fixed, you added some weird way to swap the bytes which doesn't really fix the real problem.

I hate repeating myself, but I'm gonna do it…

Anavrins, on 20 April 2017 - 11:39 PM said:

maybe cryptography is not your cup of tea.

Anavrins, on 21 April 2017 - 01:57 AM said:

KidBrine, on 20 April 2017 - 11:36 PM said:

BTW with your code the file has to be at least 100 bytes.

Completely unrelated to the cracking, the 100 number is how many characters I show when displaying the decoded text on screen, unrelated to how big your file is.
From glancing at your new code, nothing seems to be fixed, you added some weird way to swap the bytes which doesn't really fix the real problem.

I hate repeating myself, but I'm gonna do it…

Anavrins, on 20 April 2017 - 11:39 PM said:

maybe cryptography is not your cup of tea.

Hold up I need to update something…

Lookup "cryptanalysis of the caesar cipher" on Google or Youtube before updating further.

To make this secure you really need to implement a new cipher. Try to implement the Vigenere cipher. It has been broken, but is a secure cipher as old ciphers with simply understood mathematics go. IIRC the one-time-pad cipher, the most secure cipher (if used properly) is a based on the Vigenere cipher, exculding quantum cryptography, which is theorised to be unbreakable.

Restioson, on 21 April 2017 - 01:37 PM said:

To make this secure you really need to implement a new cipher. Try to implement the Vigenere cipher. It has been broken, but is a secure cipher as old ciphers with simply understood mathematics go. IIRC the one-time-pad cipher, the most secure cipher (if used properly) is a based on the Vigenere cipher, exculding quantum cryptography, which is theorised to be unbreakable.

To be honest, I would rather recommend that people interested in this kind of stuff learn about how to use the already secure algorithms correctly, instead of re-inventing the wheel…
This field is pretty complicated to understand, the guy clearly stepped into this without any knowledge of it and it failed completely. ¯\_(ツ)_/¯

Anavrins, on 21 April 2017 - 06:13 PM said:

Restioson, on 21 April 2017 - 01:37 PM said:

To make this secure you really need to implement a new cipher. Try to implement the Vigenere cipher. It has been broken, but is a secure cipher as old ciphers with simply understood mathematics go. IIRC the one-time-pad cipher, the most secure cipher (if used properly) is a based on the Vigenere cipher, exculding quantum cryptography, which is theorised to be unbreakable.

To be honest, I would rather recommend that people interested in this kind of stuff learn about how to use the already secure algorithms correctly, instead of re-inventing the wheel…
This field is pretty complicated to understand, the guy clearly stepped into this without any knowledge of it and it failed completely. ¯\_(ツ)_/¯

You're right this is the first time i've tried something like this and i failed…

KidBrine, on 21 April 2017 - 11:06 PM said:

Anavrins, on 21 April 2017 - 06:13 PM said:

Restioson, on 21 April 2017 - 01:37 PM said:

To make this secure you really need to implement a new cipher. Try to implement the Vigenere cipher. It has been broken, but is a secure cipher as old ciphers with simply understood mathematics go. IIRC the one-time-pad cipher, the most secure cipher (if used properly) is a based on the Vigenere cipher, exculding quantum cryptography, which is theorised to be unbreakable.

To be honest, I would rather recommend that people interested in this kind of stuff learn about how to use the already secure algorithms correctly, instead of re-inventing the wheel…
This field is pretty complicated to understand, the guy clearly stepped into this without any knowledge of it and it failed completely. ¯\_(ツ)_/¯

You're right this is the first time i've tried something like this and i failed…

New code is on it's way (this will be a complete remake)

This is the stronger version of BrineCrypt that is harder to break
Things to know

• If your password is 1 character long Ex:"h" then it will be easy to crack.
• if your password is over one character long but the characters are all the same Ex:"hhhhh" then it is the same as having on character long passwords "hhhhh" is the same as "h"

I have reasons for the following

• if you put in a password like "kdtcndtsnvydvdjr" and lose your file I AM NOT responsible.

Link to the new program:
https://pastebin.com/zjtqYHKR
to install run:
pastebin get zjtqYHKR BrineCrypt

You're still just trying to make your own encryption algorithm without any knowledge of cryptography and it's not going to work. Focus on using one of the existing, tried and proven algorithms for this.

D3matt, on 23 April 2017 - 06:23 AM said:

You're still just trying to make your own encryption algorithm without any knowledge of cryptography and it's not going to work. Focus on using one of the existing, tried and proven algorithms for this.

Try breaking it if you know so much about cryptography.
Also I like to make my own programs and the reason it's in 2.0B is because it is not confirmed to be secure so i'm seeing if anyone on the forums finds a bug.

It's a vigenere cipher, very similar way to break as caesar cipher, not going to make a demo for it, I think I've proven my point enough.

KidBrine, on 23 April 2017 - 07:08 AM said:

Try breaking it if you know so much about cryptography.

You do realize that the members of the forum are here to help you – they do know more about cryptography than you do, and they would be more than happy to share their wisdom. You don't have to be so hostile towards them when all they want to do is better your understanding.

hbomb79, on 23 April 2017 - 08:19 AM said:

KidBrine, on 23 April 2017 - 07:08 AM said:

Try breaking it if you know so much about cryptography.

You do realize that the members of the forum are here to help you – they do know more about cryptography than you do, and they would be more than happy to share their wisdom. You don't have to be so hostile towards them when all they want to do is better your understanding.

Anavrins, on 23 April 2017 - 07:50 AM said:

It's a vigenere cipher, very similar way to break as caesar cipher, not going to make a demo for it, I think I've proven my point enough.

from my understanding Anvarins is saying it's easy but time consuming.
D3matt &amp; Restioson are saying not to make it yourself.
and you're saying it's guaranteed that every one on this website knows more than me.

Okay, I'm going to try my best to put both sides of this argument to bed:

He's allowed to make this, don't tell him otherwise. Yes, it probably isn't very good, therefor what point does it have? It really doesn't, but to be fair, security in CC is pointless. if you're really trying to conceal something, why computercraft? Why not go out of game with it?

You should probably put a disclaimer saying that it isn't a proper algorithm and should be used with caution, as it may be easy to crack if someone knows what it is.

Stop telling people what they can/can't do, and just provide constructive criticism.

Anavrins is right, you shouldn't really be advertising this as secure, but go ahead and do as you like.

Why would you make the password have a limit of 4 characters?

Line 8.

Gumball, on 23 April 2017 - 07:41 PM said:

Why would you make the password have a limit of 4 characters?

Line 8.

That just means it masks the input from the user with the character '4'.

KidBrine, on 23 April 2017 - 04:48 PM said:

from my understanding Anvarins is saying it's easy but time consuming.

It is easy, and quick to break your current algorithm – much like the Caesar cipher you were using earlier.

KidBrine, on 23 April 2017 - 04:48 PM said:

D3matt &amp; Restioson are saying not to make it yourself.

Only because cryptography isn't easy. If you want to make a file encryption software, it should be secure by using an encryption algorithm already available on the forum, it isn't a bad thing to use someone else's library.

KidBrine, on 23 April 2017 - 04:48 PM said:

and you're saying it's guaranteed that every one on this website knows more than me.

Not guaranteed, but Anavrins does know more than you (and me, and a lot of the users on the forum) about cryptography. He is trying to help you, perhaps you should take his advice?

You aren't being attacked, this is constructive criticism, and an opportunity to learn more about cryptography. Up to you.

CLNinja, on 23 April 2017 - 06:00 PM said:

Okay, I'm going to try my best to put both sides of this argument to bed:

He's allowed to make this, don't tell him otherwise. Yes, it probably isn't very good, therefor what point does it have? It really doesn't, but to be fair, security in CC is pointless. if you're really trying to conceal something, why computercraft? Why not go out of game with it?

You should probably put a disclaimer saying that it isn't a proper algorithm and should be used with caution, as it may be easy to crack if someone knows what it is.

Stop telling people what they can/can't do, and just provide constructive criticism.

Anavrins is right, you shouldn't really be advertising this as secure, but go ahead and do as you like.

I never said it was secure, and it is a beta so should you expect it to be secure?

hbomb79, on 23 April 2017 - 10:20 PM said:

-snip-

my thing with this is that if we all use the same programs then there will be nothing new.

KidBrine, on 24 April 2017 - 12:16 AM said:

my thing with this is that if we all use the same programs then there will be nothing new.

Not true; you are making something, and you still would be even when using another, more secure algorithm. Many programs can be used to better your own (program integration, frameworks, APIs, etc…)

KidBrine, on 23 April 2017 - 07:08 AM said:

D3matt, on 23 April 2017 - 06:23 AM said:

You're still just trying to make your own encryption algorithm without any knowledge of cryptography and it's not going to work. Focus on using one of the existing, tried and proven algorithms for this.

Try breaking it if you know so much about cryptography.
Also I like to make my own programs and the reason it's in 2.0B is because it is not confirmed to be secure so i'm seeing if anyone on the forums finds a bug.

I'm not a cryptographer. I'm a sysadmin an amateur programmer. That's why I don't write algorithms, because I know they're going to end up vulnerable. Instead I take feedback from people who do know cryptography and do what they say is best.

Being in beta is irrelevant. This is not a bug, this is a fatal and fundamental flaw. Cryptography is hard. That's OK. That's why we use only a few proven algorithms written by some incredibly smart people, instead of writing our own. There are plenty of ways to create something new while still using an algorithm that's already been written. Even single program I use at work all use the same encryption algorithms but they're all vastly different. You don't need to write your own algorithm to write a file encryption program. I'm writing a login server, which uses several other people's APIs. I'm still creating my own entirely new program that's undoubtedly my own creation.