# My Encryption Algorithm...

Show 80 post(s) from this thread on one page
Page 1 of 2 12 Last
• 07-24-2007
Junior89
My Encryption Algorithm...
Well i couldn't seem to find a good forum (out there on the web) or anything like that for a little review and courteous criticism of my algorithm here. I'm sure it's stupid and insecure but i would like it if someone with some knowledge in the field could point out some of the biggest mistakes i made. I'm not naive and i do know that it probably isn't more than a dressed up XOR encryption but hey, i'll give it a shot!
• 07-25-2007
whiteflags
Well what I do know about xor encryption - which is what your algorithm builds off of - xor encryption seems to work better with (much) longer and significantly random keys. I think that dividing the work and applying xor's to only parts of it is probably wrong, or at least a mistake. So that's something to really think about.

As far as making the encryption stronger, well, most modern algorithms work with hashes and randomness for a reason. Regardless of the strength you're looking for, the permutation step can do so much more than it is right now. Do better than shifting by a constant. I don't find the cyclic approach very clever either, but that's largely an uncomfortable opinion of mine. Think about that too; it should be well disguised if it is to be part of a strong algorithm.

The moral when it comes to cryptography I think, while not something that I've studied in great detail, is that you want to avoid giving crackers really stupid hints. It's better to give a cracker an entire, well-designed prng to crack than coincidentally having 0xA as the first bit to every key, or something, because you've generated small, repetitious keys.
• 07-26-2007
abachler
Modern cryptoghraphy makes minimal use of XOR. Most of it is based off the Diffy/Hellman/Merkle algorithm using large( >256 bit) prime numbers. Even LSFR are old hat, since you can crack them in polynomial time. Check out this for a decent description of the process.
• 07-26-2007
laserlight
Quote:

Modern cryptoghraphy makes minimal use of XOR. Most of it is based off the Diffy/Hellman/Merkle algorithm using large( >256 bit) prime numbers.
That sounds more applicable to public cryptography to me, where the keys would be more likely be 1024 bits or larger primes (or probable primes). For example, I think Twofish uses XOR quite extensively.
• 07-26-2007
brewbuck
Quote:

Originally Posted by abachler
Modern cryptoghraphy makes minimal use of XOR. Most of it is based off the Diffy/Hellman/Merkle algorithm using large( >256 bit) prime numbers. Even LSFR are old hat, since you can crack them in polynomial time. Check out this for a decent description of the process.

The majority of encrypted data in the world is encrypted with XOR. Specifically, the plaintext stream is XOR'd with a key stream generated by a streaming cipher, initialized with a key that is communicated securely via some public key cipher using appropriate protocols.

Encryption using large primes is incredibly slow. It is only used to establish a secure channel for key exchange, or for signature validation.
• 07-26-2007
abachler
Quote:

Originally Posted by brewbuck
Encryption using large primes is incredibly slow.

while million digit primes require about an hour to encrypt with, more reasonably sized primes, such as 64k digit primes take sub-millisecond times. With high speed encryption routines, the final encryption can take as little as 1uS.

Quote:

It is only used to establish a secure channel for key exchange, or for signature validation.
That is incorrect, perhaps it is only used for that purpose in consumer applications.
• 07-26-2007
brewbuck
Quote:

Originally Posted by abachler
That is incorrect, perhaps it is only used for that purpose in consumer applications.

What other application would I be talking about? Obviously there are special purpose systems of all kinds, out there.

My point is that most encryption users are familiar with (SSL) is not based on primes.
• 07-26-2007
laserlight
Quote:

while million digit primes require about an hour to encrypt with, more reasonably sized primes, such as 64k digit primes take sub-millisecond times. With high speed encryption routines, the final encryption can take as little as 1uS.
Would not such small primes become a weakness (e.g., allowing brute force attacks)?

Quote:

That is incorrect, perhaps it is only used for that purpose in consumer applications.
I do not know if the U.S. government uses public key cryptography for more than things like key exchange, but I do know that AES (a symmetric cipher) was approved for use on U.S. government documents, even those at top secret level. Keystream generation aside, even AES uses XOR rather extensively.
• 07-26-2007
abachler
public key cryptography based on the DHM key exchange protocol is a solved problem. Its not secure. The only measure of security it provides is the processing requirements needed to reverse the key exchange using only the public data. At least with publicly available methods. Because the process is deterministic, mathematical theory states that there must exist an algorithm that would make cracking public keys trivial. I wouldnt trust my recipe for chili to AES, let alone my IP...

As for the govt, maybe congress and the FBI use AES, but I guarantee you that the military/NSA/CIA/HLS do NOT use public key exchange in any way shape or form.

64k digit primes (65536 bit) are significantly non-trivial to crack. Even AES 256 and 512, which use 256 bit and 512 bit primes respectively, are non-trivial using public methods.
• 07-26-2007
laserlight
Quote:

public key cryptography based on the DHM key exchange protocol is a solved problem. Its not secure. The only measure of security it provides is the processing requirements needed to reverse the key exchange using only the public data. At least with publicly available methods.
Of course, there is the caveat of "current and near future technology", otherwise quantum computing and the like would make "complexity theoretic" cryptography obsolete. In that sense, I would argue that it is secure. After all, a locked door is secure, but not when you have a fire axe to break it down.

Quote:

I wouldnt trust my recipe for chili to AES, let alone my IP...
Why? What about the other AES finalists?
• 07-26-2007
QuestionC
Quote:

Originally Posted by abachler
Modern cryptoghraphy makes minimal use of XOR. Most of it is based off the Diffy/Hellman/Merkle algorithm using large( >256 bit) prime numbers. Even LSFR are old hat, since you can crack them in polynomial time. Check out this for a decent description of the process.

This is simply not true. Private Key encryption algorithms use XOR all over the place. I'm not talking one-time pad here.. I'm talking DES, Blowfish, AES.
• 07-26-2007
brewbuck
Quote:

Originally Posted by abachler
public key cryptography based on the DHM key exchange protocol is a solved problem. Its not secure. The only measure of security it provides is the processing requirements needed to reverse the key exchange using only the public data. At least with publicly available methods. Because the process is deterministic, mathematical theory states that there must exist an algorithm that would make cracking public keys trivial. I wouldnt trust my recipe for chili to AES, let alone my IP...

With that comment, I'm pretty sure now that you have no idea what you're talking about.
• 07-26-2007
abachler
Quote:

Originally Posted by QuestionC
This is simply not true. Private Key encryption algorithms use XOR all over the place. I'm not talking one-time pad here.. I'm talking DES, Blowfish, AES.

DES - cracked on a circa 1985 desktop (\$1000)
Triple DES - cracked on a circa 1995 cluster (\$10,000)
Blowfish - intentionally so weak it was cracked before full implementation
AES - cracked, at least by the NSA

and we arent talking about private key encryption, we were talking public key encryption. In general during private key encryption, the use of XOR is less as an encryption method, and more as an optimization method for speeding up large scale modulus operations.

Quote:

Originally Posted by brewbuck
With that comment, I'm pretty sure now that you have no idea what you're talking about.

That statement is beneath contempt.
• 07-26-2007
laserlight
Quote:

and we arent talking about private key encryption, we were talking public key encryption. In general during private key encryption, the use of XOR is less as an encryption method, and more as an optimization method for speeding up large scale modulus operations.
No, we are talking about "modern cryptography". If you wanted to talk about public key encryption, then you should have said so, but Junior89's algorithm clearly is not public key cryptography.

Quote:

Blowfish - intentionally so weak it was cracked before full implementation
As far as I know, there is no attack on Blowfish faster than brute force. Perhaps you are confusing attacks on a reduced round Blowfish?

Quote:

AES - cracked, at least by the NSA

I guarantee you that the military/NSA/CIA/HLS do NOT use public key exchange in any way shape or form.

Even AES 256 and 512, which use 256 bit and 512 bit primes respectively, are non-trivial using public methods.
Those are... incredible claims. The first two may be true, but I find no evidence for the latter. What are these "public methods" that you speak of? In fact, since when was there 512 bit AES?

Quote:

64k digit primes (65536 bit) are significantly non-trivial to crack.
Ah, I misread you, I was thinking of numbers in the magnitude of 64000. Looks like you mean "64K bit primes". 64K digit numbers are in the range of 200K bits, which would mean both of us would be wrong :p
I agree that 64K bit keys would be far more than enough security, since I never heard of anyone other than snake oil recommending more than 2K bit keys. Still, the times that you cite sound more like those of a supercomputer than ordinary desktops.
• 07-26-2007
abachler
Quote:

Originally Posted by laserlight
If you wanted to talk about public key encryption

Yes, we are talkling modern crypto, but all crypto can be broken into the two categories public or private key. Since the statements were about public key, I felt it appropriate to illuminate this fact when replying to a comment that changed the discussion from public key to private key in order to attempt to refute a statement made about public key crypto.

Quote:

As far as I know, there is no attack on Blowfish faster than brute force. Perhaps you are confusing attacks on a reduced round Blowfish?
While I provided a link to wikipedia to the original poster, that does not mean I advocate wikipedia as the supreme authority on all things crypto. Blowfish is a running joke in professional crypto circles. Strong enough to avoid cracking on a home computer, but trivial to crack by a foreign power.

Quote:

Those are... incredible claims. The first two may be true, but I find no evidence for the latter. What are these "public methods" that you speak of? In fact, since when was there 512 bit AES?
Last I checked you get AES-512 on thumbdrive encryption utilities.
Show 80 post(s) from this thread on one page
Page 1 of 2 12 Last