1. encryption

for EUServer, I upped the encryption strength as the
algorithm before was simply, really, too weak...

as such, I am in need of person's interested in
attempting to take an encrypted string (sequence of
char) and determine what the password is, from that string...

here is a sample of an encrypted string:
(which is also declared for you in trycrack.ex)

and attached are 2 files, one contains the encryption
algorithm (shrouded) and another is a sample program
on how to use that program
( Encrypt.shr basically has 2 functions:
  Encrypt(sequence password)
  --returns an encrypted string based upon password

  Decrypt(sequence encrypted_string, sequence attempt)
  --returns a string that is the result of applying
  --attempt to encrypted_string.  if that result is
  --the same as attempt, then you know that attempt
  --was the correct password
)

and your guess is? :)

thanks in advance...

--Hawke'

new topic     » topic index » view message » categorize

2. Re: encryption

>for EUServer, I upped the encryption strength as the
>algorithm before was simply, really, too weak...


One common method used for encrypting passwords is a one way encryption.
Using this method, you convert a password, say, "password", into a number:

number = OneWayEncrypt("password")
if OneWayEncrypt(GetInputFromUser())=number then
    puts(1, "Good password")
else
    puts(1, "Bad password")
end if

This way, if someone sees the number, they still won't know the password
unless they can come up with a string that will give the same number. The
key is coming up with a good algorithm.

Some algorithms will return the same number for several passwords. But while
it may give 3813445 for "password", the other passwords that would give the
same number could be "$*da3013NVdd*" and "]\vn3(". Basically, it wouldn't be
easy to crack. smile

Hope this helps out some.

new topic     » goto parent     » topic index » view message » categorize

3. Re: encryption

>as such, I am in need of person's interested in
>attempting to take an encrypted string (sequence of
>char) and determine what the password is, from that string...

The mark of a good encryption algorythm is that it can't be easily cracked
without the password, *even if the attacker knows the algorythm* (which
will eventually be discovered anyway).  So a better test would be to
provide the encrypt function and see if anyone can come up with another
function which would either crack the code or narrow down the list of
possible passwords to the point where a brute-force attack (run through all
the passwords till one works) might be feasible.  I know very little when
it comes to encryption algorythm design, but I recommend the newsgroup
sci.crypt  A while ago I came up with an algorythm and posted it, but was
answered with a humbling cryptoanalysis explaining just how easily it could
be cracked.

good luck
isaac

new topic     » goto parent     » topic index » view message » categorize

4. Re: encryption

> I know very little when it comes to encryption algorythm design, but I
recommend the newsgroup

Me neither ;)

To my knowledge, an encryption routine encrypts the *data* using the
password as it's key.
This means that the password "modifies" the data, and the only way to
re-construct the data
is using the same password again (or other one, like in public-provite
keys):

encryptData = encrypt(data, password)
data = encrypt^-1(encryptData, password) -- Inverse function

On a previous email someone said something about assigning a number to a
string... look
for hashing function, they do just that.

At www.rsa.com you can get cryptography information.

Regards,
    Daniel   Berstein
    daber at pair.com

new topic     » goto parent     » topic index » view message » categorize

5. Re: encryption

>>>>>
The mark of a good encryption algorythm is that it can't be easily cracked
without the password, *even if the attacker knows the algorythm* (which
will eventually be discovered anyway).  So a better test would be to
provide the encrypt function and see if anyone can come up with another
function which would either crack the code or narrow down the list of
possible passwords to the point where a brute-force attack (run through all
the passwords till one works) might be feasible.  I know very little when
it comes to encryption algorythm design, but I recommend the newsgroup
sci.crypt  A while ago I came up with an algorythm and posted it, but was
answered with a humbling cryptoanalysis explaining just how easily it could
be cracked.
<<<<<

You are precisely right, Issac.  Again, I am not a cryptanalyst, but this
is a principle of encryption: count on your passwords, not the secrecy of
your algorithm.  Also, I didn't seem to get encrypt.shr?

Alan

new topic     » goto parent     » topic index » view message » categorize

Search



Quick Links

User menu

Not signed in.

Misc Menu