Graal Forums  

  #1  
07-26-2013, 02:38 PM
Gunderak
Damn lol, each time I think I've got it figured, you expose the holes haha.
But it brings me to the next point, if the "hacker" didn't know how I was encrypting things or had access to the function to get the key, wouldn't that make it more secure?
E.g., if they didn't have access to the function, they wouldn't be able to test their values to get the key.
Reply With Quote
  #2  
07-26-2013, 02:56 PM
cbk1994
Quote:
Originally Posted by Gunderak
> Damn lol, each time I think I've got it figured, you expose the holes haha.
> But it brings me to the next point, if the "hacker" didn't know how I was encrypting things or had access to the function to get the key, wouldn't that make it more secure?
> E.g., if they didn't have access to the function, they wouldn't be able to test their values to get the key.

It will still be pretty obvious what you are doing to anybody with any experience, especially your first method. The second is a bit better, but it will still be quite simple to crack. Also note that both of your functions output strings that are vulnerable to simple frequency analysis, so there's no need to even attempt to figure out the function you use for encryption. It will be even simpler if they can force you to encrypt things (e.g. by sending an encrypted message) since they can perform a chosen plaintext attack.

What you are proposing is the definition of security through obscurity. In your case, yeah, it would probably increase security, but only because your attackers aren't very dedicated. In general though it is far better to go with a published algorithm like AES than to try to outsmart the people trying to break your encryption. The "best" encryption scheme is generally the one that has been around a long time, has received a lot of attention, and has still not been broken. You can read more about AES's history and see that some of the candidates had severe flaws which were discovered only because the algorithms were published (and of course the people writing the algorithms who missed those flaws were a lot smarter than you or me).

Also in general it's inevitable that your encryption code will be leaked eventually, so it makes sense to pick the algorithm where it doesn't matter if the code is public rather than the one that might completely crumble when the code is public.
Reply With Quote
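
An added example, not code from the thread: Gunderak's functions do not appear on this page, so the cipher below is a constructed stand-in (a keyed per-character substitution, with hypothetical names throughout). It lets you audit a homemade scheme for the two weaknesses cbk1994 describes: ciphertext that preserves plaintext symbol frequencies, and a mapping that one chosen plaintext exposes without the key or the function.

```python
import random
import string
from collections import Counter

ALPHABET = string.ascii_lowercase + " "


def make_secret_cipher(seed):
    """Constructed stand-in for a homemade scheme: keyed character substitution.

    The caller only gets back an encrypt() closure; the key (seed) and the
    substitution table stay hidden, mirroring the "they can't see my function"
    assumption from the thread.
    """
    shuffled = list(ALPHABET)
    random.Random(seed).shuffle(shuffled)
    table = dict(zip(ALPHABET, shuffled))
    return lambda text: "".join(table[c] for c in text)


def leaks_frequencies(encrypt, sample):
    """True if ciphertext symbol counts mirror the plaintext symbol counts."""
    plain_counts = sorted(Counter(sample).values())
    cipher_counts = sorted(Counter(encrypt(sample)).values())
    return plain_counts == cipher_counts


def recover_table_chosen_plaintext(encrypt):
    """One chosen message containing every symbol reveals the whole mapping."""
    reply = encrypt(ALPHABET)
    return dict(zip(reply, ALPHABET))  # ciphertext symbol -> plaintext symbol


def decrypt_with(table, ciphertext):
    """Decrypt using only the recovered table, never the hidden key."""
    return "".join(table[c] for c in ciphertext)


if __name__ == "__main__":
    encrypt = make_secret_cipher(seed=2013)      # key is never read below
    message = "meet me at the guild house at noon"  # constructed sample
    intercepted = encrypt(message)

    print("frequencies preserved:", leaks_frequencies(encrypt, message))
    table = recover_table_chosen_plaintext(encrypt)
    print("recovered plaintext  :", decrypt_with(table, intercepted))
```

A scheme that passes neither check is what the post means by an algorithm that holds up when the code is public: identical plaintext symbols must not map to identical ciphertext symbols, and earlier encryptions must not reveal later ones.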
All times are GMT +2.