Closed-source works if the executable is compressed (say, with UPX), and you put a clause in the license agreement that says that the end-user can't decompress itOriginally Posted by Sebastiani
Closed-source works if the executable is compressed (say, with UPX), and you put a clause in the license agreement that says that the end-user can't decompress itOriginally Posted by Sebastiani
Yes because we all know that the end users always follow the license agreements.
Besides to reverse engineer you don't even need the to look at the program itself. Just have to look at what is outputed for a given input.
But if the algorithm is complex enough, then you wouldn't know how it got that anwser: there could be many ways.
I've already changed the algorithm again (more complex).
Why don't you post the EXE file then, and we'll see if we can crack.
Naturally I didn't feel inspired enough to read all the links for you, since I already slaved away for long hours under a blistering sun pressing the search button after typing four whole words! - Quzah
You. Fetch me my copy of the Wall Street Journal. You two, fight to the death - Stewie
cuz, it's illegal (in the US) to give an encryption program higher than 40-bits to a citizen of another country: if you, XSquared (a Canadian) were to download it, then I would be an "International Arms Trafficker" (http://online.offshore.com.ai/arms-trafficker/)...
Also, the US gov.'t wants the makers of encryption software to make a universal key, so that they can decrypt all encrypted messages made with those programs.
...
You got a link for that? I'd be interested in reading into it more.
Naturally I didn't feel inspired enough to read all the links for you, since I already slaved away for long hours under a blistering sun pressing the search button after typing four whole words! - Quzah
You. Fetch me my copy of the Wall Street Journal. You two, fight to the death - Stewie
Search Google for "US Encryption Laws" or "US Cryptography Laws"
http://www.bxa.doc.gov/Encryption/Default.htm
http://www.cybercrime.gov/crypto.html
My history teacher told me about it (since I was explaining this to him). So, I checked it out for myself, and was shocked (and ........ed off).
One of the reasons on one site for that universal key thing is to "fight terrorism"... stupid gov.'t: using terrorism to take away our liberties! They also say that 10,000 comp.s with intel Pentium II processors would take about 10 years to decrypt a 64-bit encryption.
Well, based on what the algorithm was (from what you previously said), then the same strings (that is, blocks) should always encrypt to the same thing within a given message. If they aren't, then either your code is somehow broken, or the algorithm isn't what you initially described.
If I remember the laws correctly, you have to take "reasonable steps" to ensure that people from a select list of countries do not download the code. At any rate, you can export pseudocode (this I know).
Additionally, the bit about a universal key is ridiculous. Firstly, the government, whatever you think of them, is generally not that blatant. Secondly, if you look at the more common ciphers (Rijndael, Twofish, Blowfish, RC6, MARS, etc), then a mathematical analysis will show that there is no such universal key.
... And the number one rule of espionage is that spies always adhere to license agreements...
If the same key is used to encrypt the same message, then the cipher would be the same, yes.
I've added a feature: the program can produce a pseudorandom key, 40 bytes (320 bits) long that never repeats the same character. It seems to work well, though I know that computers cannot be truely random...
Does seeding the random number generator with the time make it more secure? It seems to me that it would.
Attached is a release of version 1.2 of my program (Crypt -- sorry, I know that there's a UNIX program with this name now!). It should work just fine.
The algorithm I posted here was from 1.0 -- 1.2 has a newer (more secure) algorithm.
Note: if you're going to crack the program, please abide by the license. Also, the code was written in D (not C), so you probably don't have expericence cracking it (it there is any difference, which the might not be).
Last edited by kinghajj; 03-30-2004 at 09:11 PM.
You missed the point. Assume that a single message block (as far as the algorithm is concerned) has a length of 8-bits (this assumption is made for simplicity of argument; to generalize, replace the word 'character' or 'letter' with 'n-bit string' for an n-bit block size). Let us say that the letter 't' appears five times within the message, and the letter 't' encrypts to 'a'. Then, in your ciphertext, the letter 'a' will appear five times. This means that the frequency of letters in your message will remain unchanged from the original. As english words, for example, have certain frequencies with which most letters appear, then it is possible to more easily make mappings from the ciphertext to the plaintext characters. Certainly, however, the english language is not the only thing with such patterns. Program files, for example, have well defined structure, and frequencies with which certain bit strings occur.
A couple things about your random number generator. First, to produce strings that never repeat a single character, just means that you have at least forty different characters to choose from (and, in fact, you have 256 assuming that by character, you mean an 8-bit byte). Second, the fact that it never repeats a character is not good. It is not, then, statistically random. There should be no correlation between one character, and whatever appears after it. That means, that the same character will appear within a string, and will sometimes even follow itself (perhaps even in long strings). There has been a good deal of research into this as well. A series of statistical test known as the die hard tests was created (and I'm sure can be found with a little googling).
At least the EXE runs in WINE. I'll have a look at it when I get some time.
Naturally I didn't feel inspired enough to read all the links for you, since I already slaved away for long hours under a blistering sun pressing the search button after typing four whole words! - Quzah
You. Fetch me my copy of the Wall Street Journal. You two, fight to the death - Stewie
NO NO NO!!!Originally Posted by Zach L.
The letter 't' will be different every time it's encrypted!
Here's 100 encrypted 't's
See? It's not all '': it changes!Code:0pbij_ &r5 OhߗriCն|⨁,UeF<ۚҬu0pbij_
Right... Well then, the encryption algorithm is most certainly not what was mentioned.