123
-=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- (c) WidthPadding Industries 1987 0|535|0 -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=-
Socoder -> Concept/Design -> Encryption

Thu, 17 Apr 2008, 11:55
HoboBen
Just keeping this simple, for now. I've got this text:



Right now, encrypting it with the string "abcdefghijk" produces some lovely hexadecimal gibberish, which would be fine if I wasn't going to redistribute the decrypting part. But if I decrypt it with the string "abcdefghijx" (the last letter changed) I get this:



Which is obviously really bad, as anyone can guess the key one letter at a time!

What's a nice way of doing it properly? I've done a Google, but I can't seem to find anything in between rot13 and 100-page acedemic PDFs!

(I'm not looking for something secure enough to store your bank details in, but it would be nice if it was good enough that it wouldn't take someone ten minutes to crack! If at all possible too, good enough that even if someone saw the source code it would still stand up (no over-dependence on obsfucation))

-=-=-
blog | work | code | more code
Thu, 17 Apr 2008, 12:48
Phoenix
I'm sure Agent Smith knows the most about encryption on this forum. He hasn't been here for five days, but he'll show up eventually, I guess. I know nothing about it though, so I'm of little help.

Good luck, though!
Thu, 17 Apr 2008, 12:55
HoboBen
Heh, thanks

I downloaded the source code for PuTTY (for the SSH stuff), but all I could find was their hashing (MD5/Sha) algorithms, which I don't think would help in this case. But besides that, it was a bit beyond me anyway!

Edit: Googling more - Wow, the internet is *full* of people who think reversing a base-64 string counts as encryption! I'm going to think twice next time I sign up for a website

-=-=-
blog | work | code | more code
Thu, 17 Apr 2008, 20:25
Scherererer
What is this being used for? is it password storage or is it encrypting a string that needs to be decrypted? I say this because, a password doesn't have to *Actually* be stored, just the hash (which can't be reversed without a pretty hardcore lookup rainbow table), whereas something that needs to be decrypted can't be done that way.

-=-=-
YouTube Twitter
Computer Science Series: Logic (pt1) (part 2) (part 3) 2's Complement Mathematics: Basic Differential Calculus
Fri, 18 Apr 2008, 09:42
HoboBen
Yup, I know about password hashing. I'm after a way to encrypt and decrypt the (XML-style) markup used by my GUI. This would be to protect game-related files, e.g. so that you can't edit the shop menu to make the best weapon the cheapest, for example.

For a game file, a bit of obsfucation and really-simple encryption would probably suffice, but I also hope that people who may use my GUI could have the ability to protect the source code of their scripts, so I'd have to do a proper job of the encryption.

-=-=-
blog | work | code | more code
Fri, 18 Apr 2008, 12:07
HoboBen
Speak of the devil!

Thank you for those links.

Edit: Wow, that second website is full of great stuff on a load of other topics, too.

-=-=-
blog | work | code | more code
Sun, 20 Apr 2008, 22:57
HoboBen
Well, I'm not doing too bad implementing AES encryption (I've got two of the four operations working, so far) thanks to the second link that Agent Smith posted, but taking a break from that I wanted to implement a MD5 hashing function.

There's JavaScript ones, and even BlitzBasic ones, but I've yet to find a good MD5 tutorial that mathematically explains the hashing. I find doing a straight code-to-code port hard if I don't actually understand what it's doing (which is why it's taking so long for me to implement the AES encryption; I'm trying to understand the maths behind each bit, so that I know I've done it right!)

So does anyone know of any MD5 tutorials like that? Alternatively, please tell me what << means in JavaScript!

-=-=-
blog | work | code | more code
Mon, 21 Apr 2008, 02:51
Afr0
Hm, I've been watching 'National Treasure 2', and if you need a crypto system that doesn't require so much maths, is a little less secure, but much easier to use, you could look into the Playfair Cipher. A Java implementation is available here

-=-=-
Afr0 Games

Project Dollhouse on Github - Please fork!
Mon, 21 Apr 2008, 06:14
Afr0
Ooh, cool!
I'll convert this to C# later tonight

-=-=-
Afr0 Games

Project Dollhouse on Github - Please fork!
Mon, 21 Apr 2008, 13:28
HoboBen
AFAIK << in JavaScript is just bitwise left shift, same as in C.


Cool, thanks.

And yep, I'll make sure to test it - after going to all the effort of writing the thing, it would be a shame not to have a proper implementation!

-=-=-
blog | work | code | more code
Mon, 21 Apr 2008, 13:40
Yo! Wazzup?
lol, I was about to make a quick playfair converter in C

-=-=-
Hi everyone! I'm new to Blitz and only 10 years old so all things coding is gush to me
Mon, 21 Apr 2008, 17:17
Afr0
Hm, not done yet, but this is what I have so far:



Note to Agent Smith: Damn you for using retarded C comments and 2 spacings. :\

-=-=-
Afr0 Games

Project Dollhouse on Github - Please fork!
Tue, 22 Apr 2008, 12:23
Afr0
As for the 2-space indentation - yeah, I dunno about that either. It's just a personal taste thing. 3 or more seems too much for me. What, are you dyslexic or something? Some people on this forum don't bother indenting at all - which I find even more vexing.


Nope, not dyslectic, more dyscalculectic. Anyways, the only other coders I've seen using 2 space indenting are Delphi and/or Turbo Pascal programmers. In the C-family, tab indentation seems to be used almost exclusively, so I wasn't prepared for it.
You're right though, people who don't indent at all shouldn't program at all.

Edit: Oh yeah, and I've started converting your enciphering code into 'proper' C# code using strings, and so far it's going quite well. However, I can't understand what you're doing here?



-=-=-
Afr0 Games

Project Dollhouse on Github - Please fork!
Tue, 22 Apr 2008, 13:19
Phoenix
The whole line is:



So c2 is a pointer to a char, which is located one step from the memory position of c1 (unless it's unicode). So, if c1 points to "abcdef", c2 would point to "bcdef".

At least, that's how I think it is. Feel free to correct me if I'm wrong, Agent Smith.
Tue, 22 Apr 2008, 14:46
mike_g
yes, it sets the c2 pointer because the assignment is at the same time as the declaration. In other circumstances it would assign the memory address of c1+1 to what c2 points to.

So far I don't really see a point in using 'register' variables. In my experience it has always been slower than normal variables, even when I'm only requesting one. Plus being a GNU language extension id guess it affects the portability of the code.
Tue, 22 Apr 2008, 15:34
Afr0
Ok, thanks, cool.
Here's the newest version.
It's already a little easier to understand.
What happens during the Deciphering function is that you basically move through the string and change it according to the rules set down by Charles Wheatstone.



-=-=-
Afr0 Games

Project Dollhouse on Github - Please fork!
Wed, 23 Apr 2008, 00:16
Afr0
Hm, regardless, the C# compiler is being picky and wants to make sure that all possible exceptions are covered. It simply won't compile without those! :o

Edit: I think it's because they are out parameters, and will be returned regardless, and so the compiler wants to make sure they're not null.

-=-=-
Afr0 Games

Project Dollhouse on Github - Please fork!
Wed, 23 Apr 2008, 01:28
Phoenix


That is also a bit redundant, since C# already has predefined true and false values.

Also, pointers should generally not be used in C#, and even though I haven't really looked at the code in detail I cannot imagine that it does something which requires pointers.
Wed, 23 Apr 2008, 06:27
Afr0
Phoenix: The reason I'm still using pointers is because I haven't yet quite managed to figure out what Agent Smith is doing with all those pointer arithmetic operations.

Agent Smith: Yes, I'm making it into a reusable class - that's why Found() and Find() are private, for instance. My idea was to have a property named EncipheredString or something, and another one named DecipheredString, that would be accessible from an instance of the class, and return the proper values given Deciper() and Encipher() has been used with the correct password values and such.

-=-=-
Afr0 Games

Project Dollhouse on Github - Please fork!