| Welcome to Crypto. We hope you enjoy your visit. You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free. Join our community! If you're already a member please log in to your account to access all of our features: |
| OblivionX; Yes, I'm back | |
|---|---|
| Topic Started: Nov 26 2008, 12:11 AM (108 Views) | |
| oblivion | Nov 26 2008, 12:11 AM Post #1 |
Oblivious
  ![]](http://209.85.122.85/static/1/pip_r.png)
|
Hi guys, It has been a while since I wrote anything here. My last contribution was the "Oblivion Cipher", and your comments were a good leasson for me. Now I have done some thinking as I promised and hopefully this is a bit more interesting. Let me try to explain what I have come up with. Probably nothing new here but here goes :-) OblivionX ######### 1. Key generation Two passwords are entered and each is used to create a SHA-hash. I have chosen 512 bits. We can call the first key "The Mother Key" and the second "The Morph Key". These two keys are used to create the first key (also a SHA-512 hash) by creating a new string by mixing the "mother key" and the "morph key". Example:
2. Shuffle time :-) Now when we got the first key we can start the encryption process. Based on the first character in Key1 we are using pattern B to scramble the first 16 bytes of data. The patterns* are like arrays containing the values 0 to 31 in a "random" order and tells what position the next 4 bits are going. So the first 16 bytes are converted into hex which allows us to split the byte in two. * There are 16 patterns: A-F, 0-9 Example:
3. Movement Our first chunk is now altered. The first 8 bytes are moved to a "staging area" for a later round. The remaining bytes remains and we fill up with 8 more bytes from the data. Then we check Key1 again to see what pattern we will use this time, in this case pattern F. 4. Shuffle again Sam Example:
5. Movement This time the first 8 bytes are moved to the result and the rest are staying to be concateneted with the next 8 bytes. 6. Almost done In case the data that is left is less than 8 bytes it is padded with zero bytes (Maybe a flaw?) Fortunately in our case it adds up to an even 8 bytes.
The movement is the same as in step 5. 7. Final round We have no more data, but we have 2 pieces of 8 byte each that only were scrambled once. The leftovers from last round and the first 8 bytes from the first round.
From this round all is appended to the result 8. The result
Now the entire process is repeated but the pointer on the key continues. If, or rather when, the whole key is used a new one is generated like the first one but with the difference that the mother key is replaced by Key1. I have not been thinking that much about the patterns or what sizes the chunks or the keys should be. This is more of an experiment to learn, much like my last cipher. (But I hope this one is better) Maybe it will be a bit slow. Maybe I should add some kind of substitution on each byte. What do you think? P.S. It is kind of late in Sweden so there might be some typos, please disregard them or ask if there is anything wierd |
|
The following statement is true. The previous statment is false. | |
 |
 
|
| jdege | Nov 26 2008, 05:47 PM Post #2 |
Elite member
|
I haven't examined your algorithm, yet. I will do so, when I get time. But a couple of thoughts. Your algorithm uses SHA1 hashes - which means it's a system that can only be performed by computer. That means it's competing with the computer-only crypto systems, DES, AES, IDEA, etc. As opposed to competing with the historical pen-and-paper ciphers, like Vigenere, Playfair, Bifid, et al. A computer cipher is expected to stand up to a computerized attack. And there's a very simple test that will determine that a computerized attack is possible - the randomness of the output. If the cryptosystem leaks any statistical information about the plaintext, it can be successfully attacked by computer. That is, if the ciphertext doesn't pass all the standard tests for statistical randomness, it's pretty much a given that there are successful computer-based attacks against it. Case in point - Bruce Schneier's "Solitaire". http://www.schneier.com/solitaire.html That someone discovered that the output was shown to be different from random was taken as proof that the cipher had a weakness, even if no one knew what it was. So if you're looking to evaluate your new cipher, I'd suggest you take a look at the statistical properties of the ciphertext. Does the ciphertext look random? If not, there's most certainly a weakness in there, somewhere. BTW - the reverse is not true. Just because a cipher that produces non-random output can be assumed to be insecure, you cannot assume a cipher that produces random output is secure. There are plenty of ciphers that produce completely random output that can be quite easily broken. But the check for randomness is an easy way of filtering out candidates for consideration. |
| When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. | |
|
|
|
| jdege | Nov 26 2008, 05:54 PM Post #3 |
|
Elite member
|
Just another quick note. I just did a frequency count on: D35916076E2F472C4BF0960764612264206276676566262E1479696060287440 '6' appears 16 times. '2' appears nine times. '3', '8', 'B', 'C', and 'D' each appear only once. 'A' doesn't appear at all. The kappa for a 16-character alphabet should be .0625. That string has a kappa of 0.127. Twice what it should be. I can't tell you how to break it, but I can guarantee to you that it can be broken. |
| When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. | |
|
|
|
| oblivion | Nov 26 2008, 06:22 PM Post #4 |
|
Oblivious
|
Thank you jdege for your input. There is so much to learn and your comments are truly appreciated. |
|
The following statement is true. The previous statment is false. | |
|
|
|
| jdege | Nov 26 2008, 08:09 PM Post #5 |
|
Elite member
|
Have you considered trying to write a hillclimber against it? They're pretty simple in design, and are effective at cracking a great many cryptosystems. |
| When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. | |
|
|
|
| oblivion | Nov 26 2008, 09:54 PM Post #6 |
|
Oblivious
|
I have not until now, so I will Google the term and read about it  Thanks again! |
|
The following statement is true. The previous statment is false. | |
|
|
|
| jdege | Nov 26 2008, 10:55 PM Post #7 |
|
Elite member
|
http://en.wikipedia.org/wiki/Hill_climbing http://www.quadibloc.com/crypto/co040502.htm Rot13's Monosolve is a hill-climber: http://s13.zetaboards.com/Crypto/single/?p=1124&t=123686 |
| When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. | |
|
|
|
| 1 user reading this topic (1 Guest and 0 Anonymous) | |
| « Previous Topic · General · Next Topic » |
10:53 AM Nov 8
