| Welcome to Crypto. We hope you enjoy your visit. You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free. Join our community! If you're already a member please log in to your account to access all of our features: |
- Pages:
- 1
- 2
| Crypto Forum Collaborative Algorithim | |
|---|---|
| Topic Started: Sep 1 2005, 05:40 AM (1,066 Views) | |
| PulsarSL | Sep 1 2005, 05:40 AM Post #1 |
|
Super member
  ![]](http://209.85.122.85/static/1/pip_r.png)
|
Hello everyone, I know it's a bit early, but I just want to get this idea out there. I think it'd be really sweet if we all put our heads together and made a good encryption algorithim. I'm really interested in cryptography but there are some concepts I don't understand fully, but I've got other skills, mainly programming. I think that if we all worked together, we could develop a decent algorithim, and, in addition, the whole project would be a wonderful learning experience for anybody getting their feet wet. Watcha think? --PulsarSL |
 |
 
|
| insecure | Sep 9 2005, 05:38 PM Post #2 |
|
Elite member
|
As long as we all understand it's just for laughs and learning. If you're hoping to earn a million from it, forget it. There's so much cool free stuff out there that's way better than anything we would be able to do ourselves. Twofish, Rijndael (AES), etc etc. |
|
|
|
| Revelation | Sep 9 2005, 07:09 PM Post #3 |
Administrator
|
Of course we do it for fun, because we all like cryptography (I think)
 Sounds like a cool idea, I am a programmer too
|
|
RRRREJMEEEEEPVKLWENFNVJKEEEEEAOLKAFKLXCFZAASDJXZTTTTTTTLSIOWJXMOKLAFJNNKFNXN RAGRBAQEMHIGDJVDSEOXVIYCELFHWLELJFIENXLRATALSJFSLCYTKLASJDKMHGOVOKAJDNMNUITN RRRRLJVEEEEECLYVYHNVPFTAEEEEEMWLMEIRNGLARWJAKJDFLWNTIERJMIPQWOTZEOCXKNUBNXCN RJIRPOWEANFUSNCZVDVZNMSFEKLOEPZLDKDJWSAAAAAAAOERHJCTNCKFRIMVKSOFOMKMANREWNBN RZUDRGXEEEEENFQIDVLQNCKNEEEEEDGLLLLLLAWIOSNCDARLODMTOEJXMILDFJROTKJSDNLVCZNN | |
|
|
|
| PulsarSL | Sep 9 2005, 08:20 PM Post #4 |
|
Super member
|
Definatly not for the money, I meant it as a learning experience... I don't know a whole lot about the actual algorithims behind the encryption, though I think it's cool and would like to know how they work. |
|
|
|
| insecure | Sep 11 2005, 01:12 AM Post #5 |
|
Elite member
|
What sort of cipher did you have in mind? Stream cipher? Block cipher? |
|
|
|
| Donald | Sep 11 2005, 06:08 AM Post #6 |
|
Elite member
|
How about a "good" pen and paper cipher? Here is a somewhat elaborate system that I play with at times: (Cryptwolf suggested much of the system to me) I'm putting the entire thing inside a code block so the spacing will work out right.
Of course, I wouldn't expect this to hold out against the NSA if they really wanted to read it, but I certainly wouldn't want to try and crack this code. On the negative side, with three encryption steps (not counting creating the checkerboards) it's slow and vulnerable to errors. |
|
|
|
| insecure | Sep 11 2005, 06:31 AM Post #7 |
|
Elite member
|
Here are your two keys, and my two (based on passwords insecure93 and crypto05, which I did not prepare especially):
As we can see, A appears in position 2 three times out of four (for these keys); M appears in position 3 twice; Z in pos 4 three times; B in position 5 twice; and so on. This suggests that it might be possible massively to reduce the amount of work needed for a successful decrypt (compared to brute force). It's not an attack as such, but it could easily lead to one in the hands of someone with a little more determination than me! |
|
|
|
| Donald | Sep 11 2005, 01:42 PM Post #8 |
|
Elite member
|
Darn good point. The "random" alphabets are not random enough, not by far. First, solution, in general keys chosen need to be stronger then the examples I used. A dictionary attack would be EASY if all keys are a word plus a two digit number. The maximum brute force search space of key#1 and key#3 is 36!=3.7E+0041, which is actually better than 128 bit AES (3.4E+0038). But, on a practical level, folks are VERY unlikely to choose key phrases long enough to actually use the entire alphabet and all 10 digits. BUT, we could at least suggest that the following rules for key phrases: 1: Keys should consists of at least two words joined by a number, more words is better. 2: At least one of the words in the key should be something that would NOT appear in a dictionary and is not a common name. (misspelled, first letters of a poem, etc) (This rule is of limited use since the very nature of these passphrases drops letters and is likely to drop the misspelled letters) AND, we could change the way the scrambled alphabets are created. Instead of putting the alphabet under the key starting at A, we could start with the next letter (or digit) after the last letter (or digit) of the passphrase. So, for example, with the passphrase: breakfast34amfiog (A Mighty Fortress Is Our God) breakfst34mig hjlnopquvwxyz cd01256789 bhcrjdel0an1ko2fp5sq6tu73v84w9mxiygz That randomizes the alphabet a BIT better, but also really shows off the weakness of this system. Since repeat letters are dropped, the passphrase looses more and more characters as it get's longer. creating passphrases with a significant amount of entropy will be pretty difficult. |
|
|
|
| insecure | Sep 12 2005, 03:03 PM Post #9 |
|
Elite member
|
Is this one dead in the water, Donald? I was planning to implement it as a program (as befits a pencil-and-paper cipher!), but I won't do so if we don't plan to progress with it further. If it's not dead, do you think the implementation should adopt your suggested change in the method of generating the key, or stick to the original method? |
|
|
|
| Donald | Sep 12 2005, 05:41 PM Post #10 |
|
Elite member
|
Not as far as I'm concerned.
Needs to adopt the changed method. AND, I've been thinking on this. This isn't exactly a PRACTICAL cipher, so we might as well add one more small step that will increase the randomness of the checkerboards. when creating the checkerboards: Write down your keyword, eliminating any duplicate characters. Write down the remaining alphabet underneath the keyword, STARTING at the next character after the last character of the keyword. Pull off by collumns, IN ALPHABETIC ORDER OF THE KEY. note that numbers will sort before letters. With those two rules we should get a VERY randomized alphabet. It's main weakness being that the first character will almost always be a numeric. I'm not certain how much of a weakness that is. Of course, we can add all kinds of specifications for the key that will make the key stronger: (two words, numbers, and at least one of the words not in the dictionary), but those aren't properly part of the definition of the cipher, are they? So, with those specifications, what do you think? What would be the primary method of attack against such a cipher? Is there any way to undo the last step better than brute force? (There has simply GOT to be) Edit: Oh, and this is a Collaborative effort, so everyone should feel free to make their own suggestions on how the algorithm should work! There are certainly even more elaborate ways to randomize the alphabets, should we use them? Does the transposition step really add anything? Would double transposition be worth the effort? Is the entire concept of this cipher flawed? And, now that I think of it, does pulling the collumns for the checkerboard in alphabetic order actualy REDUCE the randomness? Lots of room for discussion and development here. Also, Insecure, what language are you working in? C++ or Java? I'm more comfortable with Java, but, hey, all programming languages are turing machines. Well, except for RPG, that was the only "language" I could never wrap my brain around. The entire flow of the program shouldn't shift because I put a 1 in collumn 120 instead of 121. Ick!!!! Donald |
|
|
|
| insecure | Sep 12 2005, 09:53 PM Post #11 |
|
Elite member
|
In my experience, one of the biggest problems in software development is that of an unclear specification, so I want to be sure - if I'm going to code this - that I'm coding the right thing. Your specification is now split across at least three articles - hardly your fault!, but nevertheless true. The first article was beautifully clear, and included an excellent example worked both forwards (enc) and backwards (dec), but the mods have muddied the waters somewhat. It would be a big win for those who wish to code this, or even just to use it, if you could re-present the algorithm in the same style as your first article, but with the mods in place, as if you'd thought of doing it that way to start off with. To answer your language question, I favour the C language, since I can generally code pretty well anything (all right, anything I understand!) very quickly in it, and of course because it's portable between my OS and that other one that so many people seem to be using nowadays - you know, the one shipped by that chap from Washington State, whose name escapes me right now. But I can grok other languages if need be. |
|
|
|
| Donald | Sep 13 2005, 05:49 AM Post #12 |
|
Elite member
|
For keywords 1 and 3 pulling off by alphabetic order is a STUPID STUPID idea. darn stupid. I'm an idiot. BUT, after some playing around, I think I came up with a system that randomizes the alphabets pretty well. It looks a bit nasty at first, but it's really not that complicated once you get your brain wrapped around the idea. So, yet another attempt at a specification:
And, as before, please do NOT feel that you will be insulting me if you find a weakness or come up with a better idea. That's what "Collaborative" is all about! And, besides, we KNOW this thing has weaknesses. It's not a new idea (it's just a more complex version of the <bifid cipher>), if it was as strong as blowfish or AES, or even DES, they wouldn't have had to work so hard to create those much more complicated modern algorithms. But, for a pen and paper cipher, I think it would be pretty nasty to crack. What holes are left now that we have (hopefully), improved the randomization of the alphabets? Can we get better than a brute force attack on keyword #3? Donald |
|
|
|
| insecure | Sep 13 2005, 06:40 AM Post #13 |
|
Elite member
|
I'll take a more detailed look when I have some time. Well done for spotting a weakness in the mod. Key Learning Point for newbies: if you want to develop your own cipher, you'll have to learn a thing or two about analysis; just shrugging your shoulders at your apparently random output and thinking "that's uncrackable" isn't good enough. Donald's identification of a weakness in his own idea is in itself a very strong indication that he has - at the very least - a rough idea what he's doing. (In fact, reading his other articles, I get the distinct impression that he is probably the best cryppie in this group so far.) Donald is also right to draw attention to the fact that it is not insulting or rude for others to point to weaknesses in the algorithm. In fact, to discover such weaknesses might be said to be the purpose of the exercise. |
|
|
|
| Donald | Sep 13 2005, 12:00 PM Post #14 |
|
Elite member
|
Well, I thank you kindly, but it's HIGHLY unlikely! I've been interested in cryptography since I was a little kid, but I've never gotten beyond very simple cryptanalysis. Revelation has written his own stego, you seem knowledgable, lots of other folks here probably understand more crypto than I do. Heck, PulsarSL says he's brand new at this and he's already cracked one of the challanges before I did.
 Me, I don't even understand what an S Box IS. I'm definitely a rank amature. Donald |
|
|
|
| PulsarSL | Sep 13 2005, 07:33 PM Post #15 |
|
Super member
|
It was uberly simple... I wouldn't know how to even go about cracking anything harder than that. |
|
|
|
| 1 user reading this topic (1 Guest and 0 Anonymous) | |
| Go to Next Page | |
| « Previous Topic · Community · Next Topic » |
- Pages:
- 1
- 2
11:45 AM Nov 27
