Forum

> > Off Topic > Qrchack's Simple Encryption
Forums overviewOff Topic overviewLog in to reply

English Qrchack's Simple Encryption

22 replies
Page
To the start Previous 1 2 Next To the start

old Qrchack's Simple Encryption

Geez
GAME BANNED Off Offline

Quote
Hi, today I want to show you my project I was developing last week. At this point please notice that the encryption system described here is just theoretical. There aren't any binaries etc. avaible. Also please keep in mind that it all is designed to be really simple, not to protect as much as possible.

> 1. Algorithm overview
More >


> 2. QSE file specification
More >


> 3. Implementations
More >


Feel free to post your comments/ideas/hates here.

old Re: Qrchack's Simple Encryption

DannyDeth
User Off Offline

Quote
Being a fixed permutation, it's not a cipher. If you want to get into cryptography, this is not the way to go. At all. Eek!

EDIT: Aah, you want to store passwords with it? Even worse. You shouldn't use two-way function for storing a password, hence why we use hashes such as MD-(2,4,5), SHA-1, SHA-2, SHA-3 ( recently announced this year! The entrant Keccak won because it's structure was very different to it's predecessors, hence cryptanalytic attacks against previous versions of SHA wouldn't be applicable ( in any f-adapted form ) to SHA-3. Pointless in my opinion, since there will be attacks against it eventually, and if anything the older structure has really held the test of time! ), etc.

I'd suggest you read Practical Cryptography by Bruce Schneier, a friend lent me his copy nearly a year ago, it's an excellent book ( I actually haven't given it back yet. ), though it is quite old. You'll need to have at least A-levels under your belt, in order to get near understanding the mathematics behind the algorithms, though.

old Re: Qrchack's Simple Encryption

Geez
GAME BANNED Off Offline

Quote
Thanks for comments. In fact it is a mutation of Caesar's encryption system with hardcoded value (10), but in ASCII. I know it isn't safe, but remember it is designed to be simple. This project took me a total of 3 hours (designed using a pencil, a notebook and a calculator ).

The QSEv2 won't store password in the file. It'll count a checksum out of the password and the data will be encrypted with -checksum offset, so it would be harder to crack it. And because it'll also encrypt the header, we can check if the password is correct just by checking if there is #QSE header at the beginning of the decrypted file).

Thanks for the book, I'm gonna find it as an ebook somewhere and read. If I get an good idea for QSE, I'll post it here.

old Re: Qrchack's Simple Encryption

Geez
GAME BANNED Off Offline

Quote
Yeah, 3 hours. That's because I have found my calculator after 2 hours :D. PS @user mafia_man: you can help me if you want as you're polish. I need someone like a "master"

old Re: Qrchack's Simple Encryption

DannyDeth
User Off Offline

Quote
user Geez has written
The QSEv2 won't store password in the file. It'll count a checksum out of the password and the data will be encrypted with -checksum offset, so it would be harder to crack it. And because it'll also encrypt the header, we can check if the password is correct just by checking if there is #QSE header at the beginning of the decrypted file).


Are you aware that you didn't actually specify any means for utilizing the "password" in the encryption of the text? If you did, it would actually become a cipher ( though a weak one that can be broken with a few bytes of cleartext ).

EDIT: I wouldn't reccommend using mafia_man as any kind of tutor, he once asked me to break a piece of "encrypted" data that was a base64-encoded string, with the added failure of doing it from a website. I mean, really?

old Re: Qrchack's Simple Encryption

Geez
GAME BANNED Off Offline

Quote
Just downloaded the book. First look - only 40 pages? Second look - huh, quite cool. Search for author on google - wow, a Pentagon worker? Anyway, quite cool stuff, so thanks, @user DannyDeth:!

By the way: created a project on Google Code for this. Check it out:

http://code.google.com/p/qses/


I'm gonna post source & binaries of what have I got now.

old Re: Qrchack's Simple Encryption

DC
Admin Off Offline

Quote
I have to agree with those other guys. This encryption is very weak. The major weakness is that you use the same simple and static ASCII offset with each letter.

It's absolutely trivial to decrypt long cryptograms in such a case. You can simply count how often which char occurs and you can then estimate what this char is actually standing for (there are tables which tell you which letter occurs - statistically - how often in a text for each language).

Okay, there's still your simple permutation but it is quite useless. A human being would probably need just a few seconds to find out that you simply swapped letters in pairs of two. I mean it's really not hard to recognize once you found the ASCII offset. You don't even need to program an algorithm or anything to find out how it's done.

So a non static offset (a different offset for each char) which depends on different factors would already improve your algorithm a lot. Maybe depending on the position in the text or a password string which is used to generate offsets. It still wouldn't be very safe but already much harder to decrypt.

old Re: Qrchack's Simple Encryption

sixpack
User Off Offline

Quote
I came up with my own hashing algorithm in 2 hours that is way more secure. Of course it's hashing only. Right now I have been working on a public key cryptographic system but it doesn't seem to be getting ready any time soon. Turns out it's a little bit more difficult than expected.
The lack of time is a killer.

@user DC: The dynamic offset (which kind of reminds me ASLR) will increase the difficulty but it still has some bugs such as: Offset > Plaintext Length ...

@user Geez: You said the password will not be included but will exist as a checksum. So your algorithm needs another algorithm to work. Smart? No.

old Re: Qrchack's Simple Encryption

DannyDeth
User Off Offline

Quote
user sixpack has written
I came up with my own hashing algorithm in 2 hours that is way more secure.

Please post. I'd be glad to cryptanalyze it for you.

user sixpack has written
Right now I have been working on a public key cryptographic system[/quote[
Unless you have a phD in Applied Mathematics, I doubt you will get very far. It's all already been thought of: integer factorization problem, birthday problem, insolvabled lattices, etc. Unfortunately there is not much left in the field to be advanced in, with lattice-based being the most innovative ( and thought to be unchallenged by quantum computing ) these days.

old Re: Qrchack's Simple Encryption

DannyDeth
User Off Offline

Quote
What is a XOR cipher? Lol. You need to learn more terms of the trade. If you mean a stream cipher ( XOR output bits with cleartext bits ), then okay, but you need a strong CSPRNG, and you are no where near that level yet.

old Re: Qrchack's Simple Encryption

DannyDeth
User Off Offline

Quote
Okay, thats exactly what I was talking about. But what you need to actually design is the algorithm that generates the bits to be XOR'd with your cleartext.

old Re: Qrchack's Simple Encryption

Geez
GAME BANNED Off Offline

Quote
Because I'm not going to use LUA. However, I'll take a look into source code of it and try to port it to Pascal/C(++)

old Re: Qrchack's Simple Encryption

VADemon
User Off Offline

Quote
Ah sorry, forgot about the language...
but I'm sure there're ready solutions for Pascal and ofc for C(++) too. So, why?

If you want to make it easy for everyone then wouldn't it be easier just to edit/remake somebody's work to make it more user-friendly?
To the start Previous 1 2 Next To the start
Log in to replyOff Topic overviewForums overview