1. ## Encryption Question

What is ment by 128-bit encryption? Does that mean that the key size is 128 bits (64 bytes)? [I'm trying to determine what kind of bit encryption my program has].

EDIT:
wait: 128 bits would be 16 bytes.

2. Originally Posted by kinghajj
What is ment by 128-bit encryption? Does that mean that the key size is 128 bits (64 bytes)?
Well for starters, 128 bits != 64 bytes. Unless you for some reason have two-bit bytes. Perhaps you meant 16? You could always visit Google, which would give you something like this.

Quzah.

3. ok, then

in my program, the key can be up to 1024 bytes long, or 8192 bits. Using a formula that 2^n, where n is the number of bits, produces the number of possible keys, then my program has 2^8192 possible keys, or 1.0907481356194159294629842447338e+2466 (that number's from MSCalc).

So.. my program is secure (as long as the keys are random).

4. Not necessarily. What algorithm are you using?

5. Security depends on many things, not just key size. I'd suggest you review these, if you haven't already
http://www.faqs.org/faqs/cryptography-faq/

6. Currently, it is:

C = M ^ K % 26
M = C ^ K % 26

but I'm changing that soon (if I can get it to work!) to be more secure.

7. Actually, you only have 26 possible different keys that will produce unique output.

8. Originally Posted by XSquared
Actually, you only have 26 possible different keys that will produce unique output.
oh
then take off the modulo?

9. Even so, that algorithm leaves certain properties of the plaintext intact (frequency of characters remains unchanged, and a given string of bits always encrypts to the same thing in a given message). If you actually need this for security, it would be best to use a more proven algorithm (Rijndael, Twofish, RC6 for example). Even if you are just playing around with cryptography, you might want to look into these, to figure out why these are considered fairly safe.

10. Originally Posted by Zach L.
Even so, that algorithm leaves certain properties of the plaintext intact (frequency of characters remains unchanged, and a given string of bits always encrypts to the same thing in a given message). If you actually need this for security, it would be best to use a more proven algorithm (Rijndael, Twofish, RC6 for example). Even if you are just playing around with cryptography, you might want to look into these, to figure out why these are considered fairly safe.
but, if the key is truely random (and takes up 1024 keys) then my algorithm is very good, correct?

I've already changed the algorithm from that, too.

11. >>if the key is truely random
No. As already mentioned, leaving characters in plaintext, or potential for frequency analysis is not good. Also, what's "truely random" ?

12. Originally Posted by Hammer
>>if the key is truely random
No. As already mentioned, leaving characters in plaintext, or potential for frequency analysis is not good. Also, what's "truely random" ?
meaning that it's not "psuedo-random": the key it just random characters, like "j5sav35qs" that have no significance (i.e. dates, names, etc.)

Yes, if the intruder were to have both the plaintext and the ciphertext, then he could decrypt it. But, I don't see a way to decrypt with just the ciphertext.

13. Rule number 1: If a computer generated the key its not truely random
Rule number 2: If a human generated the key its not truely random

Why? For Rule 1 every computer uses a certain procedure(s) to determine the key. Regardless of the complexity of that procedure its still a mechnical process that can be duplicated.

For Rule 2 its because humans are incapable of making a truly random decision. Take for example picking a number from 1 to 10. If I know enough about you and how you think I could guess the number far more often then not. Another is typing random keys on the keyboard: certain keys will get pressed more often the others (generally the home row on the right hand).

We had a discussion on this topic and basically there is nothing random in the world. IIRC the chaos theory even states that.

14. If you think that my encryption has a flaw, then try this:

Code:
```(>\$w7J+[Td`e7`wb{7'48hm5 z'%Ns6\$-!3P"NC0qbqc`yw;z_
ZFss\$4iew=```

15. That post made it blatantly obvious that you didn't read Hammer's post. It said that you can't expect someone to tell you how secure your encryption algorithm is by just posting cyphertext. The only way to determine how secure it is is by looking at the actual source code, or at least by giving us the plaintext. Also, it seems that you're using the entire ASCII character set, so you would probably wanna attach it as a file.