Re: How good an encryption algorithm is this?

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Roy Fine (rlfine_at_twt.obfuscate.net)
Date: 11/23/04

• Next message: Igor Tandetnik: "Re: How good an encryption algorithm is this?"
• Previous message: Tim Jarvis: "Re: Finding subclasses"
• In reply to: Bonj: "How good an encryption algorithm is this?"
• Next in thread: Igor Tandetnik: "Re: How good an encryption algorithm is this?"
• Reply: Igor Tandetnik: "Re: How good an encryption algorithm is this?"
• Messages sorted by: [ date ] [ thread ]

---

Date: Tue, 23 Nov 2004 18:19:27 -0500

Bonj,

You have essentially implemented a stream cipher - and they are much easier
to beat than are block ciphers. In the end, a positional output character
of your algorithm is a simple function of the same positional input
character and the password. That becomes trivial to beat with a dictionary
attack. Additionally, look at the encrypted output for every case where the
input has the character 'A', or 'B', or 'C' in position 1, or 2, or 3. If
you see a pattern, then so will the hackers, and your scheme is all for
naught. Encode "TheMajicBonj" and examine the encoded value. Then encode
"SheMajicBonj", "WeeMajicBonj", "FeeMajicBonj", and "KeeMajicBonj". We see
that the character 'e' in position 3 always encodes to the same value -
OOOOOPS now we are getting close to breaking the code. So all of your
mucking about - and you can get from the letter e in position x of plaintext
to the character '??' in same position x of decoded text.

Additionally, if I could convince you to add my account to your database,
and then if I could get access to the encrypted data, then I don't need to
know the algorithm. Consider how much easier it gets if you then allow me
to change my password a couple of times, all the while looking at the
resultant encoded/encrypted data - discovering the net mapping scheme
becomes straight forward. - out jumps Captain Midnight's Ovalteen Decoder
Ring.

regards
roy

---

• Next message: Igor Tandetnik: "Re: How good an encryption algorithm is this?"
• Previous message: Tim Jarvis: "Re: Finding subclasses"
• In reply to: Bonj: "How good an encryption algorithm is this?"
• Next in thread: Igor Tandetnik: "Re: How good an encryption algorithm is this?"
• Reply: Igor Tandetnik: "Re: How good an encryption algorithm is this?"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: How good an encryption algorithm is this? ... You have essentially implemented a stream cipher - and they are much easier ... In the end, a positional output character ... Encode "TheMajicBonj" and examine the encoded value. ... (microsoft.public.vc.language) Re: output ampersand using XML::Twig ... XML data, then it receives unescaped utf8 strings from the parser ... first 2 solutions) being to get the unicode character for   ... turn off XML escapes for the element content ... {# use an Encode output filter that encodes (using decimal ... (comp.lang.perl.modules) Re: editing perl script through TEXTAREA ... not converted to the corresponding HTML entity. ... then browsers do strange things with them. ... As the Perl Encode ... character which cannot be represented in the prevailing character ... (comp.lang.perl.misc) Re: unicode ... 'ascii' codec can't encode character u'\u9999' in ... it looks like when I try to display the string, ... If you try to print a Unicode string, then Python will attempt to first ... encode it using the default encoding for that file. ... (comp.lang.python) Re: POSTing Chinese characters ... For the example string I mention, simply encode as ... the client locale could be anywhere... ... > The basic idea of %-encoding is to treat character encoding as a sequence ... (microsoft.public.inetserver.iis)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > DotNet  > microsoft.public.dotnet.languages.csharp  > 2004-11