New encryption thread
- Posted by Hawke' <mdeland at GEOCITIES.COM> Dec 12, 1998
- 393 views
thanks to everyone that replied to my first encryption post. a lot of things said in those posts and a lot of information resources that were pointed to in those posts helped and enabled me to create the next generation of encryption algorithm(s) to be used in EUServer. this latest algorithm i've written, is *far* more secure than any crypto methods used thus far in EUServer, and i believe more secure than the only other encryption algorithm i saw in the EU archive (from ralf...). one of the chief points that prompted me to hurt my wittle head creating a strong, yet easy to understand, and easy to implement algorithm, was a statement made that no algorithm is secure unless the algorithm is viewable, and the viewing of said algorithm doesn't help you decrypt a ciphered string. the resultant algorithm below, is very fast, very easy to understand, and actually quite secure. granted, each 'calculation' upon the key that i make is not necessarily original, and even the sum total of all the calculations may mirror another algorithm, but i did think of it myself :) it should also be exportable and allowable in any country as (in theory) i'm not going past 40bit encryption (theory says i'm using 32bit..) at any point; and yet, theory also says that you would need to attempt up to 6.29e47 permutations of keys to decode it (based upon the server accepting up to length 20 passwords), maybe more... so, here are the algorithms and a testing program to see if you found the proper key for a given cipher. If the consensus is that this is a good, strong, relatively hard to crack algorithm, i will incorporate this into EUServer, but the caveat to that is that, once again, all versions of code prior to this change will be 'broken' and all user files will have to be scrapped again. the upside is that i doubt i'll need to change the encryption again, (if it's agreed that this is a strong enough algorithm) and as such, i won't need to thrash the user files again. also, i feel it would be worth trashing them one last? time... lastly, feel free to use Crypto.e at will, in your own programs, and I will be adding a link on my web page to be able to download that include file. so, can we guess/crack the cipher in try.ex? :) (for verification purposes, and to see if this algorithm might produce the same cipher for more than one key, i include the key that i used to create the cipher far far below in this message. if you find another key that makes try.ex say 'u got it', please, lemme know...) _/ _/ _/_/_/ _/ _/ _/ _/ _/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/ _/_/_/ _/ _/ _/_/ _/_/ _/ _/ _/ _/ _/_/_/ _/ _/ _/ _/ _/ _/ _/ _/_/_/ _/ _/ _/_/_/ ({<=----------------------------------------=>}) ({<=- http://members.xoom.com/Hawkes_Hovel> -=}) ({<=----------------------------------------=>}) ----------begin try.ex include Crypto.e constant cmdline = command_line(), cipher = {62,34,74,113,36,33,81,76,20,114,91,52,89,42, 38,91,57,77,56,72,46,109,34,44,116,33,70 } if length(cmdline) != 3 then puts(1,"use: ex try <phrase_u_think_the_password_is>\n") abort(1) end if if Decrypt(cipher,cmdline[3]) then puts(1,"you got it\n") else puts(1,"you don't got it\n") end if ----------end try.ex ----------begin Crypto.e include machine.e function sumup(sequence data) integer sum sum = 0 for i = 1 to length(data) do sum = sum + data[i] end for return sum end function global function Encrypt(sequence key) --we add padding to ensure the cracker doesn't know the PW len --generate a seed set_rand( sumup(key) ) --add random padding key = key & key[1..rand( length(key) )] --xor encrypt the key against a seeded, --random, version of itself return xor_bits(key,rand(key)) end function global function Decrypt(sequence cipher, sequence key) --useage: given an encrypted 'cipher' text string and a test case -- 'key' to decrypt by, return t/f if it was/wasn't the right key object temp --determine the prior seed set_rand( sumup(key) ) --attempt to repad back to the original padding temp = key & key[1..rand( length(key) )] --obviously, if the resultant padding amount is not the --same length of the initial padding amount, it's not the --proper key, but, this next test is also to ensure that --xor_bits has equal length arguments to operate upon if length(temp) != length(cipher) then return 0 end if --reconstruct the randomly seeded, randomly generated cipher temp = xor_bits( cipher, rand(temp) ) --snarf to the correct length temp = temp[1..length(key)] --determine if key is indeed the right key return compare(temp,key) = 0 end function ----------end Crypto.e answer is below this line ------------------------------------ far below :) "elvenbelvedere" sans the quotes