An encrypt/decrypt function
Hi, haven't been active on the forums in a while but I was looking for some feedback, the last time I attempted a cipher, it didn't use a key and was pretty basic. Here is my latest attempt, what do you guys/gals think?
Uses: To encrypt sensitive player attributes. To encrypt any string on the server really. Pros: Makes strings semi-secure. Cons: Makes strings long. PHP Code:
|
Cool, but why are you pre-defining variables?
|
This provides almost no security at all. It's just a caesar cipher, and can be easily broken by either frequency analysis or analysis based on a chosen plaintext.
Your use of the term "salt" is incorrect. A salt is used to help protect against rainbow table attacks and sometimes against brute-force attacks for a hash function. Yours is not a hash function. I also can't imagine what applications this could possibly have for Graal. |
Gotta encrypt your PM so unixmad can't listen in on your conspirating.
|
Quote:
|
Quote:
Also since you're saying it has almost no security, if I encrypt a string for you, would you be happy to try and decrypt it? |
Encrypt functions are always fun to make! Remember making one myself some time ago: http://forums.graalonline.com/forums...ad.php?t=79594 (attachment in that post: http://forums.graalonline.com/forums...6&d=1209707502)
Quote:
|
Quote:
However, if it is a one-time-pad, then this type of encryption is impossible to break without brute forcing. With that being said, one-time-pad's are really bad for networking and it generally means that a new key has to be transmitted over the wire, which can be intercepted anyway. |
You don't seem to believe me when I say this provides almost no security, so let's go through it.
For this example, I've rewritten your code into Groovy since I don't have access to a server to test on at the moment: PHP Code:
Quote:
Let's shift the values so that the lowest one is 32, since that's typically the character with the lowest value we'll see. The smallest value is 14423156, so we'll subtract 14423124 (which is 14423156 - 32) from each of the numbers to get this: Quote:
Quote:
The only reason we were able to figure out the key in one step is because the plaintext I used happened to have a space, which is the lowest-value ASCII character we're likely to run in to. What if I was looking at a string with no space? Here's another example: Quote:
Quote:
Quote:
That doesn't really matter, though, since we can easily brute force it. Let's try decrypting the 83.103.100... from above using every possible key from -32 to 95 (we know it must be in this range if we're dealing with ASCII data). A quick script will let you try that. Here are the outputs for decrypting with all keys from -32 to 95: Quote:
Quote:
Does that make sense? Your algorithm will provide almost no security. Encryption is difficult to get right, which is why you should always look at the established algorithms instead of trying to create your own. Modern algorithms aren't susceptible to the kind of simple attacks we performed above. Quote:
|
Quote:
plus i heard chris vimes is a porker and i have 8% bodyfat and was a state ranked athlete in high school so i'm pretty much better all around |
Well thanks I guess, I suppose it's not viable to use, but nonetheless it was fun to make :)
I didn't really think of brute force, but I will sure as hell try to make another improved harder to crack version aha. |
All times are GMT +2. The time now is 10:33 AM. |
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
Copyright (C) 1998-2019 Toonslab All Rights Reserved.