Re: New encryption thread


>let's pretend that besides being an FTP server machine, that
>this machine is doing *other* things...
>like, allowing users access to a shell account...
>why? okay, let's go further...
>I'm helping someone make a MUD, but, i'm sysop level, NOT the owner
>of the machine.
>I can access any directory of the mud software, as i would need to be
>able to do, to perhaps alter code or areas (buggy areas mebbe?)
>so the owner of the machine, like root in linux, would give me
>a username and password for the shell account.
>
>so, now we have people that might (depending on how smart the end
>'owner' actually is) be able to view a userfile... do i need
>to go on or can you see what problems we might have if someone
>is 'serving' BOTH a ftp server and a MUD (and mebbe other things)...
<rest of explanation snipped>

I understand now, thanks!


>> The strongest portion of your algorithm is the dynamically ranged random
>> number generation, but each number in the ciphertext does provide a minimum
>> value for the corresponding character in the key.
>hrmmmmm that is quite true... since i'm rand(key[i])'ing, we would indeed
>know that at each cipher[i] that the number there had to be AT LEAST that
>big... this is bad... i'll think on it.. :)

This is not true every time. For example, suppose the plaintext character is
64 (01000000) and the random value based on it is 59 (00111011). Since you
are XORing the values and not subtracting one from another, you will have
value 123 (01111011), that is bigger than the original char.


>(one of the increases i thought of would be using successive
>encryption...
> applying a value to a value next to it... would this .... ponder...
> would that prevent this issue?)

Even if the above is not the reason, this may improve the security anyway.
At least, I suppose it will not weaken it. This should be rather easy to
implement, so I think it's a nice idea.


>> Though it could use a bit more work, here's a new version of sumup which
>> should increase the overall strength immensely:
>> function sumup(sequence data)
>> atom sum sum=0
>>    for i = 1 to length(data) do
>>        sum = remainder (sum + data[i]*power(4,i-1),power(2,31))
>>    end for
>>    return sum
>> end function
>yeah, i like that... thanks! good stuff...
>(makes your head kinda hurt trying to determine how many potential
>seed values it generates... :)

It will in theory occupy all the bytes if you use a 13-char
or longer password. The only drawback I see with this is that the
characters in the 17th position and above will not have any
influence on the seed generated. A solution would be to change
        sum = remainder (sum + data[i]*power(4,i-1),power(2,31))
to
        sum = remainder (sum + data[i]*power(4,i-1),power(2,31)-1)
You only lose one possible seed (not much loss in strength), and
the problem is solved.


>>>be careful, eh?
>>Don't worry, I live in Brazil :)
>hrm, does that mean u will have to wait for me to get gov't
>approval before u can play with belvedere? :(
>could be years ;)

Well, if the government doesn't think it is too strong (and
it probably isn't, as you're using a 32-bit key), I will be
able to use it. Anyway, if the government decides to bother
you, you can implement a weaker algorithm and distribute
it with the package, and distribute the stronger one
separately, only for U.S. citizens... (but then I won't
be able to see it... oh well)
Talking about using EUServer, I've tried it without success. I
mean, it runs ok, but I can't access it using the telnet program
that came with Win95. I think the problem is with the client,
I've never been able to access any telnet server. I always get a
'Connection failed!' error... does anyone know what can be
happening?


Ralf wrote:
>From all the info here, I'll make an irritating hard-to-crack algorithm and
>offer it through my *dutch* site. This way we can avoid the US' childish
>and paranoid export laws, etc.
Let me just warn you, from what I have read on this subject, it is very
difficult to create a really strong encryption algorithm. Maybe someone
could try implementing one of the well-known and probably very safe hash
functions, like MD5 (maybe, when I have no other project to work on, I will
try it, but I'm not sure yet).

Regards,
Davi Figueiredo
davitf at usa.net
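
The effect of the modulus change proposed above for sumup, as an added Python example that is not part of the original message. The sample password and replacement alphabet are constructed, and Python's exact integers stand in for Euphoria atoms.

```python
# Python port of the thread's sumup() for comparison of the two moduli.
# Assumptions: exact integers instead of Euphoria atoms; sample data is constructed.

MOD_ORIGINAL = 2**31       # modulus in the quoted sumup()
MOD_PROPOSED = 2**31 - 1   # modulus suggested in the reply

SAMPLE_PASSWORD = "correcthorsebattery!"   # constructed, 20 characters
REPLACEMENTS = "abcxyz0189"                # constructed; mixes odd and even codes


def sumup(data, modulus):
    """Seed = sum of data[i] * 4^(i-1) mod modulus, with i counted from 1."""
    total = 0
    for exponent, ch in enumerate(data):   # exponent == i-1
        total = (total + ord(ch) * 4**exponent) % modulus
    return total


def influential_positions(password, modulus):
    """1-based positions where swapping in another character changes the seed."""
    base = sumup(password, modulus)
    found = []
    for pos in range(len(password)):
        for repl in REPLACEMENTS:
            if repl == password[pos]:
                continue
            variant = password[:pos] + repl + password[pos + 1:]
            if sumup(variant, modulus) != base:
                found.append(pos + 1)
                break
    return found


if __name__ == "__main__":
    for name, mod in (("2^31", MOD_ORIGINAL), ("2^31-1", MOD_PROPOSED)):
        print(name, influential_positions(SAMPLE_PASSWORD, mod))
```

With 2^31, 4^(i-1) is a multiple of the modulus from i = 17 on, so those terms vanish; 2^31-1 is odd, so no power of 4 reduces to zero.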
