1. encryption
- Posted by Hawke' <mdeland at GEOCITIES.COM> Dec 11, 1998
- 329 views
for EUServer, I upped the encryption strength as the algorithm before was simply, really, too weak... as such, I am in need of person's interested in attempting to take an encrypted string (sequence of char) and determine what the password is, from that string... here is a sample of an encrypted string: (which is also declared for you in trycrack.ex) and attached are 2 files, one contains the encryption algorithm (shrouded) and another is a sample program on how to use that program ( Encrypt.shr basically has 2 functions: Encrypt(sequence password) --returns an encrypted string based upon password Decrypt(sequence encrypted_string, sequence attempt) --returns a string that is the result of applying --attempt to encrypted_string. if that result is --the same as attempt, then you know that attempt --was the correct password ) and your guess is? :) thanks in advance... --Hawke'
2. Re: encryption
- Posted by Robert Pilkington <pilking at BELLATLANTIC.NET> Dec 11, 1998
- 319 views
>for EUServer, I upped the encryption strength as the >algorithm before was simply, really, too weak... One common method used for encrypting passwords is a one way encryption. Using this method, you convert a password, say, "password", into a number: number = OneWayEncrypt("password") if OneWayEncrypt(GetInputFromUser())=number then puts(1, "Good password") else puts(1, "Bad password") end if This way, if someone sees the number, they still won't know the password unless they can come up with a string that will give the same number. The key is coming up with a good algorithm. Some algorithms will return the same number for several passwords. But while it may give 3813445 for "password", the other passwords that would give the same number could be "$*da3013NVdd*" and "]\vn3(". Basically, it wouldn't be easy to crack. Hope this helps out some.
3. Re: encryption
- Posted by isaac <isaaca at MINDSPRING.COM> Dec 11, 1998
- 340 views
- Last edited Dec 12, 1998
>as such, I am in need of person's interested in >attempting to take an encrypted string (sequence of >char) and determine what the password is, from that string... The mark of a good encryption algorythm is that it can't be easily cracked without the password, *even if the attacker knows the algorythm* (which will eventually be discovered anyway). So a better test would be to provide the encrypt function and see if anyone can come up with another function which would either crack the code or narrow down the list of possible passwords to the point where a brute-force attack (run through all the passwords till one works) might be feasible. I know very little when it comes to encryption algorythm design, but I recommend the newsgroup sci.crypt A while ago I came up with an algorythm and posted it, but was answered with a humbling cryptoanalysis explaining just how easily it could be cracked. good luck isaac
4. Re: encryption
- Posted by Daniel Berstein <daber at PAIR.COM> Dec 11, 1998
- 344 views
- Last edited Dec 12, 1998
> I know very little when it comes to encryption algorythm design, but I recommend the newsgroup Me neither ;) To my knowledge, an encryption routine encrypts the *data* using the password as it's key. This means that the password "modifies" the data, and the only way to re-construct the data is using the same password again (or other one, like in public-provite keys): encryptData = encrypt(data, password) data = encrypt^-1(encryptData, password) -- Inverse function On a previous email someone said something about assigning a number to a string... look for hashing function, they do just that. At www.rsa.com you can get cryptography information. Regards, Daniel Berstein daber at pair.com
5. Re: encryption
- Posted by Alan Tu <ATU5713 at COMPUSERVE.COM> Dec 12, 1998
- 321 views
>>>>> The mark of a good encryption algorythm is that it can't be easily cracked without the password, *even if the attacker knows the algorythm* (which will eventually be discovered anyway). So a better test would be to provide the encrypt function and see if anyone can come up with another function which would either crack the code or narrow down the list of possible passwords to the point where a brute-force attack (run through all the passwords till one works) might be feasible. I know very little when it comes to encryption algorythm design, but I recommend the newsgroup sci.crypt A while ago I came up with an algorythm and posted it, but was answered with a humbling cryptoanalysis explaining just how easily it could be cracked. <<<<< You are precisely right, Issac. Again, I am not a cryptanalyst, but this is a principle of encryption: count on your passwords, not the secrecy of your algorithm. Also, I didn't seem to get encrypt.shr? Alan