Encryption of strings
 

Got a bit bored and decided to code my own little encryption thing.
It basically get's a string and converts it into an ASCII array, it then multiplies each item in the array by a "key" and encodes that with base64.
The result ends up being relatively long but still pretty secure.
I don't intend for this to be used for passwords so i'm releasing it.
If you'd like to see what it does, iv'e attaches a screenshot.
Here's the class, name it "Encryption":
And here's an example of a use for it.
This isn't the most efficient way of encrypting strings, but I just wanted to attempt it.
I originally wanted to return the binary of the strings but graal doesn't contain a default way to do it.
Meaning i'd have to write a really long code and try to comprehend confusing formulas.

Question: so your just doing this to each letter? Then encoding as Base64?

Why not use a word/sentance or w/e?

Alot of times you will see people making a string.. like lets say "cat"... and encrypt the word "rabbit" for example.. r is encrypted depending on the first letter of the key.. "c".. a with "a"... b with "t".. b with "c".. going around in a circle using each letter from "cat".. also they will also use some sort of % math.. like

3%2 = 1... knowing it can only be a number of possibilities.. 256 char possibility. because if you do enough math to a single chracter.. lets say "41" which is hex for ASCII "a".. or "A".. I forget wether it's capital or lowercase at 41.. I think the other is 61? anyways.. if you did say num+10000000 that would result in more then 1 character to represent the character being encrypted...

Just a thought tho. Sorry if this sounds confusing, I have worked 2 days and now running on about 4.5 hours of sleep.. bout to go to sleep and sleep my day away right now .. lol but any questions I would be glad to try and explain what I mean..

Little confused, I was thinking of creating a character map eg, a is equivalent to "7", b "K" and so on, but eh this way looked better.
And the reason I divide by 2 then multiply etc is to make it more confusing.
If someone was trying to crack the string, without knowing the script they could probably tell it's using base64, then when they decipher it they'd see hang on each letter represents a number, and catch on. Where as this, it represents a number, but the number is "hashed" sort of.
Never actually tried to encrypt information properly before, so this was more of a learning curve.

But it's not a hash. Hash's cannot be decrypted. Such as SHA and MD5.

Here is an example of what I mean.

Input
Encryption Key
Lets look at the binary value
What you can then do is copy and past the binary from "dog" untill it's as long as the Hello World.. then just "xor" it..

Xor Eample:

Which means the first "l" is 00001011 while the second is 00001000.. It's not easy pattern at all to figure out even.

Since the size of the encrypted string is the same, we can just xor it again, by the same value, and it should decrypt the string ;)

How would you get the binary of a string in GS2 O.o
I'm not really a math expert.
I sort of understand what you mean.

Not sure if there is a default function however I only showed binary to kinda explain how an xor works.. you can ofcourse use variables..

It's obviously not gonna output in binary.. uhm.. output it as an int.. and do dec to binary .. using calc


Play around with it a bit, see if you can make sense of the input/output.. post back here if u have more questins.. :) glad to help.

The first rule of security is best phrased as "don't try to make your own, you'll **** it up". Pick an algorithm that's been well-researched and is known-strong to implement.

You should almost never encrypt passwords, plus any encryption scheme worth its salt (hah!) is strong regardless of whether or not the algorithm used is known.

As I stated and you quoted. This encryption isn't intended for a password, more of a fun little challenge.

Elaborate.

I'm under the impression he's not trying to use this but he's only playing with it to help better understand it.. Also, salts are a good idea too.

Yeah, pretty much sums it up.
A way of using this would be to store the "encrypted" string in a database then have the server compare what the "encrypted" user input. So theoretically it could be used.

Since it can be decrypted you would want to use a hash for that.. Because hashes cannot be.. And that's how u use a hash (one way encryption)..


He means passwords should be encrypted using a one way encryption (hash).. Something that if stolen u can't decrypt since it compares your encrypted input to the encrypted password.. I believe hashes are still considered a type of encryption..

I am not here to explain the differences between hashing and encrypting, but they are 2 different things.

Hm, you've got a point. I didn't think this through, I guess. But you are right, and so is Chris. Passwords shouldn't be stored at all, only their hashes.

This is what I was referring to. Passwords should be hashed, not encrypted (usually).