Thread: Encryption Question

Originally Posted by Sebastiani

Really? Send me the program and I'll send you back the source code.

Closed-source works if the executable is compressed (say, with UPX), and you put a clause in the license agreement that says that the end-user can't decompress it

Yes because we all know that the end users always follow the license agreements.

Besides to reverse engineer you don't even need the to look at the program itself. Just have to look at what is outputed for a given input.

But if the algorithm is complex enough, then you wouldn't know how it got that anwser: there could be many ways.

I've already changed the algorithm again (more complex).

cuz, it's illegal (in the US) to give an encryption program higher than 40-bits to a citizen of another country: if you, XSquared (a Canadian) were to download it, then I would be an "International Arms Trafficker" (http://online.offshore.com.ai/arms-trafficker/)...

Also, the US gov.'t wants the makers of encryption software to make a universal key, so that they can decrypt all encrypted messages made with those programs.

...

Search Google for "US Encryption Laws" or "US Cryptography Laws"

http://www.bxa.doc.gov/Encryption/Default.htm
http://www.cybercrime.gov/crypto.html

My history teacher told me about it (since I was explaining this to him). So, I checked it out for myself, and was shocked (and ........ed off).

One of the reasons on one site for that universal key thing is to "fight terrorism"... stupid gov.'t: using terrorism to take away our liberties! They also say that 10,000 comp.s with intel Pentium II processors would take about 10 years to decrypt a 64-bit encryption.

Well, based on what the algorithm was (from what you previously said), then the same strings (that is, blocks) should always encrypt to the same thing within a given message. If they aren't, then either your code is somehow broken, or the algorithm isn't what you initially described.

If I remember the laws correctly, you have to take "reasonable steps" to ensure that people from a select list of countries do not download the code. At any rate, you can export pseudocode (this I know).

Additionally, the bit about a universal key is ridiculous. Firstly, the government, whatever you think of them, is generally not that blatant. Secondly, if you look at the more common ciphers (Rijndael, Twofish, Blowfish, RC6, MARS, etc), then a mathematical analysis will show that there is no such universal key.

... And the number one rule of espionage is that spies always adhere to license agreements...

If the same key is used to encrypt the same message, then the cipher would be the same, yes.

I've added a feature: the program can produce a pseudorandom key, 40 bytes (320 bits) long that never repeats the same character. It seems to work well, though I know that computers cannot be truely random...

Does seeding the random number generator with the time make it more secure? It seems to me that it would.

You missed the point. Assume that a single message block (as far as the algorithm is concerned) has a length of 8-bits (this assumption is made for simplicity of argument; to generalize, replace the word 'character' or 'letter' with 'n-bit string' for an n-bit block size). Let us say that the letter 't' appears five times within the message, and the letter 't' encrypts to 'a'. Then, in your ciphertext, the letter 'a' will appear five times. This means that the frequency of letters in your message will remain unchanged from the original. As english words, for example, have certain frequencies with which most letters appear, then it is possible to more easily make mappings from the ciphertext to the plaintext characters. Certainly, however, the english language is not the only thing with such patterns. Program files, for example, have well defined structure, and frequencies with which certain bit strings occur.

A couple things about your random number generator. First, to produce strings that never repeat a single character, just means that you have at least forty different characters to choose from (and, in fact, you have 256 assuming that by character, you mean an 8-bit byte). Second, the fact that it never repeats a character is not good. It is not, then, statistically random. There should be no correlation between one character, and whatever appears after it. That means, that the same character will appear within a string, and will sometimes even follow itself (perhaps even in long strings). There has been a good deal of research into this as well. A series of statistical test known as the die hard tests was created (and I'm sure can be found with a little googling).

Originally Posted by Zach L.

Let us say that the letter 't' appears five times within the message, and the letter 't' encrypts to 'a'. Then, in your ciphertext, the letter 'a' will appear five times.

NO NO NO!!!

The letter 't' will be different every time it's encrypted!

Here's 100 encrypted 't's

Code:

†0¢p¸¦Å‘Ûòbi¤jÌ_º &¤r5 Oh©¨é†ÏÐð¡ß—•riõCÑËÕ¶|â¨�׿,ÉÓU×e
FÓ<ÚÛšõ¼£ƒÒ¬äæu
†0¢p¸¦Å‘Ûòbi¤jÌ_

See? It's not all '†': it changes!

Right... Well then, the encryption algorithm is most certainly not what was mentioned.